Lucene search

JpcertVULNRICHMENT:CVE-2024-31404

HistoryJun 11, 2024 - 4:27 a.m.

CVE-2024-31404

2024-06-1104:27:07

jpcert

github.com

cybozu garoon

sensitive information

data insertion

security issue

cve-2024-31404

user login

scheduler data

6.6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.2%

JSON

Insertion of sensitive information into sent data issue exists in Cybozu Garoon 5.5.0 to 6.0.0, which may allow a user who can log in to the product to view the data of Scheduler.

CNA Affected

[
  {
    "vendor": "Cybozu, Inc.",
    "product": "Cybozu Garoon",
    "versions": [
      {
        "status": "affected",
        "version": "5.5.0 to 6.0.0"
      }
    ]
  }
]

References

cs.cybozu.co.jp/2024/007901.html

jvn.jp/en/jp/JVN28869536/