CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
CVE-2024-52905 (GCVE-0-2024-52905)
Vulnerability from cvelistv5 – Published: 2025-03-10 16:05 – Updated: 2025-09-01 10:15
VLAI
Title
IBM Sterling B2B Integrator information disclosure
Summary
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7185264 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Sterling B2B Integrator Standard Edition |
Affected:
6.0.0.0 , ≤ 6.1.2.6
(semver)
Affected: 6.2.0.0 , ≤ 6.2.0.3 (semver) cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:* cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.3:*:*:*:standard:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T16:26:21.833161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T16:31:09.992Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.1.2.6:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.0:*:*:*:standard:*:*:*",
"cpe:2.3:a:ibm:sterling_b2b_integrator:6.2.0.3:*:*:*:standard:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Sterling B2B Integrator Standard Edition",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "6.1.2.6",
"status": "affected",
"version": "6.0.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.2.0.3",
"status": "affected",
"version": "6.2.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user."
}
],
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.3 could disclose sensitive database information to a privileged user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T10:15:16.815Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7185264"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Sterling B2B Integrator information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-52905",
"datePublished": "2025-03-10T16:05:13.550Z",
"dateReserved": "2024-11-17T14:25:57.179Z",
"dateUpdated": "2025-09-01T10:15:16.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53683 (GCVE-0-2024-53683)
Vulnerability from cvelistv5 – Published: 2025-01-17 16:44 – Updated: 2025-01-21 16:40
VLAI
Title
Ossur Mobile Logic Application Exposure of Sensitive System Information to an Unauthorized Control Sphere
Summary
A valid set of credentials in a .js file and a static token for
communication were obtained from the decompiled IPA. An attacker could
use the information to disrupt normal use of the application by changing
the translation files and thus weaken the integrity of normal use.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Ossur | Mobile Logic Application |
Affected:
0 , < 1.5.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53683",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-21T16:40:31.139479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-21T16:40:39.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mobile Logic Application",
"vendor": "Ossur",
"versions": [
{
"lessThan": "1.5.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Riggins reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A valid set of credentials in a .js file and a static token for \ncommunication were obtained from the decompiled IPA. An attacker could \nuse the information to disrupt normal use of the application by changing\n the translation files and thus weaken the integrity of normal use."
}
],
"value": "A valid set of credentials in a .js file and a static token for \ncommunication were obtained from the decompiled IPA. An attacker could \nuse the information to disrupt normal use of the application by changing\n the translation files and thus weaken the integrity of normal use."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T16:44:17.245Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ossur recommends users download Version 1.5.5 or later of the mobile \napplication. The latest version of the application can be obtained \nthrough the app store on respective mobile devices. No additional action\n is required by users.\n\n\u003cbr\u003e"
}
],
"value": "Ossur recommends users download Version 1.5.5 or later of the mobile \napplication. The latest version of the application can be obtained \nthrough the app store on respective mobile devices. No additional action\n is required by users."
}
],
"source": {
"advisory": "ICSMA-24-354-01",
"discovery": "EXTERNAL"
},
"title": "Ossur Mobile Logic Application Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-53683",
"datePublished": "2025-01-17T16:44:17.245Z",
"dateReserved": "2024-12-17T14:11:48.969Z",
"dateUpdated": "2025-01-21T16:40:39.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53768 (GCVE-0-2024-53768)
Vulnerability from cvelistv5 – Published: 2024-11-30 21:02 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress Content Audit Exporter plugin <= 1.1 - Sensitive Data Exposure vulnerability
Summary
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ideinteractive Content Audit Exporter content-audit-exporter allows Retrieve Embedded Sensitive Data.This issue affects Content Audit Exporter: from n/a through <= 1.1.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ideinteractive | Content Audit Exporter |
Affected:
0 , ≤ 1.1
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53768",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T15:49:39.760101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T15:50:21.354Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "content-audit-exporter",
"product": "Content Audit Exporter",
"vendor": "ideinteractive",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Chan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:11.092Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ideinteractive Content Audit Exporter content-audit-exporter allows Retrieve Embedded Sensitive Data.\u003cp\u003eThis issue affects Content Audit Exporter: from n/a through \u003c= 1.1.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ideinteractive Content Audit Exporter content-audit-exporter allows Retrieve Embedded Sensitive Data.This issue affects Content Audit Exporter: from n/a through \u003c= 1.1."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:44.922Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/content-audit-exporter/vulnerability/wordpress-content-audit-exporter-plugin-1-1-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "WordPress Content Audit Exporter plugin \u003c= 1.1 - Sensitive Data Exposure vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-53768",
"datePublished": "2024-11-30T21:02:40.516Z",
"dateReserved": "2024-11-22T13:52:57.782Z",
"dateUpdated": "2026-04-28T16:10:44.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53814 (GCVE-0-2024-53814)
Vulnerability from cvelistv5 – Published: 2024-12-09 13:16 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress Analytify plugin <= 5.4.3 - Broken Access Control vulnerability
Summary
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Adnan Analytify wp-analytify.This issue affects Analytify: from n/a through <= 5.4.3.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T13:47:52.934557Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T13:49:54.759Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-analytify",
"product": "Analytify",
"vendor": "Adnan",
"versions": [
{
"changes": [
{
"at": "5.5.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.4.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:16.458Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Adnan Analytify wp-analytify.\u003cp\u003eThis issue affects Analytify: from n/a through \u003c= 5.4.3.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Adnan Analytify wp-analytify.This issue affects Analytify: from n/a through \u003c= 5.4.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:46.856Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-analytify/vulnerability/wordpress-analytify-plugin-5-4-3-broken-access-control-vulnerability?_s_id=cve"
}
],
"title": "WordPress Analytify plugin \u003c= 5.4.3 - Broken Access Control vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-53814",
"datePublished": "2024-12-09T13:16:01.198Z",
"dateReserved": "2024-11-22T13:53:36.471Z",
"dateUpdated": "2026-04-28T16:10:46.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53867 (GCVE-0-2024-53867)
Vulnerability from cvelistv5 – Published: 2024-12-03 16:52 – Updated: 2024-12-03 19:07
VLAI
Title
Synapse Matrix has a partial room state leak via Sliding Sync
Summary
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/element-hq/synapse/security/ad… | x_refsource_CONFIRM |
| https://github.com/matrix-org/matrix-spec-proposa… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| element-hq | synapse |
Affected:
>= 1.113.0rc1, < 1.120.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53867",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-03T19:07:06.315341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T19:07:19.919Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "synapse",
"vendor": "element-hq",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.113.0rc1, \u003c 1.120.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:52:01.596Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/element-hq/synapse/security/advisories/GHSA-56w4-5538-8v8h"
},
{
"name": "https://github.com/matrix-org/matrix-spec-proposals/pull/4186",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/matrix-spec-proposals/pull/4186"
}
],
"source": {
"advisory": "GHSA-56w4-5538-8v8h",
"discovery": "UNKNOWN"
},
"title": "Synapse Matrix has a partial room state leak via Sliding Sync"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-53867",
"datePublished": "2024-12-03T16:52:01.596Z",
"dateReserved": "2024-11-22T17:30:02.145Z",
"dateUpdated": "2024-12-03T19:07:19.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54279 (GCVE-0-2024-54279)
Vulnerability from cvelistv5 – Published: 2024-12-16 15:41 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress WP-NERD Toolkit plugin <= 1.1 - Sensitive Data Exposure vulnerability
Summary
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit.This issue affects WP-NERD Toolkit: from n/a through <= 1.1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Tobias Keller | WP-NERD Toolkit |
Affected:
0 , ≤ 1.1
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:21:36.343724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:21:47.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-nerd-toolkit",
"product": "WP-NERD Toolkit",
"vendor": "Tobias Keller",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Chan | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:25.202Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit.\u003cp\u003eThis issue affects WP-NERD Toolkit: from n/a through \u003c= 1.1.\u003c/p\u003e"
}
],
"value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tobias Keller WP-NERD Toolkit wp-nerd-toolkit.This issue affects WP-NERD Toolkit: from n/a through \u003c= 1.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:53.632Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-nerd-toolkit/vulnerability/wordpress-wp-nerd-toolkit-plugin-1-1-sensitive-data-exposure-vulnerability?_s_id=cve"
}
],
"title": "WordPress WP-NERD Toolkit plugin \u003c= 1.1 - Sensitive Data Exposure vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-54279",
"datePublished": "2024-12-16T15:41:50.268Z",
"dateReserved": "2024-12-02T12:04:14.141Z",
"dateUpdated": "2026-04-29T09:51:53.632Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-5735 (GCVE-0-2024-5735)
Vulnerability from cvelistv5 – Published: 2024-06-28 11:24 – Updated: 2024-08-01 21:18
VLAI
Title
Full Path Disclosure in AdmirorFrames Joomla! Extension
Summary
Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder. This issue affects AdmirorFrames: before 5.0.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2024/06/CVE-2024-5735/ | third-party-advisory |
| https://cert.pl/posts/2024/06/CVE-2024-5735/ | third-party-advisory |
| https://github.com/vasiljevski/admirorframes/issues/3 | issue-tracking |
| https://github.com/sectroyer/CVEs/tree/main/CVE-2… | technical-description |
| https://github.com/afine-com/CVE-2024-5735 | technical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nikola Vasilijevski | AdmirorFrames |
Affected:
0 , < 5.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5735",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T18:28:13.619096Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T18:28:24.935Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:18:07.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/vasiljevski/admirorframes/issues/3"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735"
},
{
"tags": [
"technical-description",
"x_transferred"
],
"url": "https://github.com/afine-com/CVE-2024-5735"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.admiror-design-studio.com/admiror-joomla-extensions/admiror-frames",
"defaultStatus": "unaffected",
"platforms": [
"Joomla!"
],
"product": "AdmirorFrames",
"repo": "https://github.com/vasiljevski/admirorframes",
"vendor": "Nikola Vasilijevski",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marcin Wyczechowski [AFINE Team]"
},
{
"lang": "en",
"type": "finder",
"value": "Micha\u0142 Majchrowicz [AFINE Team]"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder.\u0026nbsp;\u003cp\u003eThis issue affects AdmirorFrames: before 5.0.\u003c/p\u003e"
}
],
"value": "Full Path Disclosure vulnerability in AdmirorFrames Joomla! extension in afHelper.php script allows an unauthorised attacker to retrieve location of web root folder.\u00a0This issue affects AdmirorFrames: before 5.0."
}
],
"impacts": [
{
"capecId": "CAPEC-37",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-37 Retrieve Embedded Sensitive Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:Y/R:U/V:D/RE:L/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T11:31:42.587Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2024/06/CVE-2024-5735/"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/posts/2024/06/CVE-2024-5735/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/vasiljevski/admirorframes/issues/3"
},
{
"tags": [
"technical-description"
],
"url": "https://github.com/sectroyer/CVEs/tree/main/CVE-2024-5735"
},
{
"tags": [
"technical-description"
],
"url": "https://github.com/afine-com/CVE-2024-5735"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Full Path Disclosure in AdmirorFrames Joomla! Extension",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2024-5735",
"datePublished": "2024-06-28T11:24:18.916Z",
"dateReserved": "2024-06-07T06:09:41.563Z",
"dateUpdated": "2024-08-01T21:18:07.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58320 (GCVE-0-2024-58320)
Vulnerability from cvelistv5 – Published: 2025-12-18 19:53 – Updated: 2025-12-18 21:18
VLAI
Title
Kentico Xperience <= 13.0.159 Authentication Information Disclosure
Summary
An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://devnet.kentico.com/download/hotfixes | vendor-advisorypatch |
| https://www.vulncheck.com/advisories/kentico-xper… | third-party-advisory |
Impacted products
Date Public
2024-08-22 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-58320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T20:16:36.081218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T21:18:59.622Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Xperience",
"vendor": "Kentico",
"versions": [
{
"lessThanOrEqual": "13.0.159",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*",
"versionEndIncluding": "13.0.159",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bank of Ayudhya"
}
],
"datePublic": "2024-08-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:53:38.454Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Kentico DevNet Hotfixes",
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://devnet.kentico.com/download/hotfixes"
},
{
"name": "VulnCheck Advisory: Kentico Xperience \u003c= 13.0.159 Authentication Information Disclosure",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/kentico-xperience-authentication-information-disclosure"
}
],
"title": "Kentico Xperience \u003c= 13.0.159 Authentication Information Disclosure",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2024-58320",
"datePublished": "2025-12-18T19:53:38.454Z",
"dateReserved": "2025-12-17T16:51:11.810Z",
"dateUpdated": "2025-12-18T21:18:59.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6388 (GCVE-0-2024-6388)
Vulnerability from cvelistv5 – Published: 2024-06-27 15:39 – Updated: 2024-08-01 21:41
VLAI
Summary
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext.
Severity
5.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/ubuntu-… | issue-tracking |
| https://www.cve.org/CVERecord?id=CVE-2024-6388 | issue-tracking |
| https://github.com/canonical/ubuntu-advantage-des… | issue-tracking |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical Ltd. | Ubuntu Advantage Desktop Pro |
Affected:
0 , < 1.12
(semver)
|
|
| canonical | ubuntu_advantage_desktop_pro |
Affected:
0 , < 1.12
(semver)
cpe:2.3:o:canonical:ubuntu_advantage_desktop_pro:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:canonical:ubuntu_advantage_desktop_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ubuntu_advantage_desktop_pro",
"vendor": "canonical",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6388",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T18:48:51.687477Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T18:25:45.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:41:03.306Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"packageName": "ubuntu-advantage-desktop-daemon",
"platforms": [
"Linux"
],
"product": "Ubuntu Advantage Desktop Pro",
"repo": "https://github.com/canonical/ubuntu-advantage-desktop-daemon",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marco Trevisan"
}
],
"descriptions": [
{
"lang": "en",
"value": "Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in plaintext."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T15:39:04.168Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/2068944"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6388"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/ubuntu-advantage-desktop-daemon/pull/24"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6388",
"datePublished": "2024-06-27T15:39:04.168Z",
"dateReserved": "2024-06-27T14:21:13.801Z",
"dateUpdated": "2024-08-01T21:41:03.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6389 (GCVE-0-2024-6389)
Vulnerability from cvelistv5 – Published: 2024-09-12 16:56 – Updated: 2024-09-13 14:17
VLAI
Title
Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab
Summary
An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-497 - Exposure of Sensitive System Information to an Unauthorized Control Sphere
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://gitlab.com/gitlab-org/gitlab/-/issues/469367 | issue-trackingpermissions-required |
| https://hackerone.com/reports/2573397 | technical-descriptionexploitpermissions-required |
| https://about.gitlab.com/releases/2024/09/11/patc… |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T17:27:09.811383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:27:43.475Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T14:17:35.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://git@gitlab.com:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "17.1.7",
"status": "affected",
"version": "17.1",
"versionType": "semver"
},
{
"lessThan": "17.2.5",
"status": "affected",
"version": "17.2",
"versionType": "semver"
},
{
"lessThan": "17.3.2",
"status": "affected",
"version": "17.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Thanks [ashish_r_padelkar](https://hackerone.com/ashish_r_padelkar) for reporting this vulnerability through our HackerOne bug bounty program"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-497",
"description": "CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T16:56:48.267Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"name": "GitLab Issue #469367",
"tags": [
"issue-tracking",
"permissions-required"
],
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/469367"
},
{
"name": "HackerOne Bug Bounty Report #2573397",
"tags": [
"technical-description",
"exploit",
"permissions-required"
],
"url": "https://hackerone.com/reports/2573397"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to versions 17.1.7, 17.2.5, 17.3.2 or above."
}
],
"title": "Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab"
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2024-6389",
"datePublished": "2024-09-12T16:56:48.267Z",
"dateReserved": "2024-06-27T15:01:59.660Z",
"dateUpdated": "2024-09-13T14:17:35.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phases: Architecture and Design, Implementation
Description:
- Production applications should never use methods that generate internal details such as stack traces and error messages unless that information is directly committed to a log that is not viewable by the end user. All error message text should be HTML entity encoded before being written to the log file to protect against potential cross-site scripting attacks against the viewer of the logs
CAPEC-170: Web Application Fingerprinting
An attacker sends a series of probes to a web application in order to elicit version-dependent and type-dependent behavior that assists in identifying the target. An attacker could learn information such as software versions, error pages, and response headers, variations in implementations of the HTTP protocol, directory structures, and other similar information about the targeted service. This information can then be used by an attacker to formulate a targeted attack plan. While web application fingerprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
CAPEC-694: System Location Discovery
["An adversary collects information about the target system in an attempt to identify the system's geographical location.", 'Information gathered could include keyboard layout, system language, and timezone. This information may benefit an adversary in confirming the desired target and/or tailoring further attacks.']