Lucene search

[email protected]CVE-2023-27096

HistoryMar 27, 2023 - 2:15 p.m.

CVE-2023-27096

2023-03-2714:15:08

CWE-732

[email protected]

web.nvd.nist.gov

cve-2023-27096

insecure permissions

opengoofy hippo4j

vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module.

Affected configurations

NVD

Node

opengoofyhippo4jMatch1.4.3

CPENameOperatorVersion
opengoofy:hippo4jopengoofy hippo4jeq1.4.3

CPE	Name	Operator	Version
opengoofy:hippo4j	opengoofy hippo4j	eq	1.4.3

References

github.com/opengoofy/hippo4j/issues/1060

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for CVE-2023-27096

gitlab1 nvd1 prion1 cvelist1 github1 osv2