Lucene search

@huntrdevCVELIST:CVE-2023-4877

HistorySep 10, 2023 - 12:00 a.m.

CVE-2023-4877 Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure

2023-09-1000:00:42

CWE-200

@huntrdev

www.cve.org

cve-2023-4877

sensitive information

unauthorized actor

github

hamza417/inure

build92

exposure

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

49.2%

JSON

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.

CNA Affected

[
  {
    "vendor": "hamza417",
    "product": "hamza417/inure",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "build92",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7

huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

49.2%

JSON

Related for CVELIST:CVE-2023-4877