CVE-2023-24471

2023-08-0909:15:13

CWE-863

[email protected]

web.nvd.nist.gov

cve-2023-24471

authenticated user

reduced visibility

unauthorized information

query

assertions

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

28.3%

JSON

An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.

An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.

Affected configurations

Nvd

Node

nozominetworkscmcRange<22.6.2

nozominetworksguardianRange<22.6.2

VendorProductVersionCPE
nozominetworkscmc*cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:*
nozominetworksguardian*cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:*