Lucene search

GoogleOSV:GO-2024-2496

HistoryJun 28, 2024 - 3:28 p.m.

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center

2024-06-2815:28:53

Google

osv.dev

apache

servicecomb

service-center

sensitive data

exposure

vulnerability

github

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

26.1%

JSON

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center.

NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.

(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)

The additional affected modules and versions are: github.com/apache/servicecomb-service-center before v2.2.0.

References

www.openwall.com/lists/oss-security/2024/01/31/5

github.com/advisories/GHSA-r8xp-52mq-rmm8

lists.apache.org/thread/dkvlgnrmc17qzjdy9k0cr60wpzcssk1s

nvd.nist.gov/vuln/detail/CVE-2023-44312

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

26.1%

JSON

Related for OSV:GO-2024-2496