Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities found for DefectDojo by OWASP
CVE-2026-3816 (GCVE-0-2026-3816)
Vulnerability from nvd – Published: 2026-03-09 11:02 – Updated: 2026-03-09 17:25 X_Open Source
VLAI?
Title
OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service
Summary
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.
Severity ?
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OWASP | DefectDojo |
Affected:
2.55.0
Affected: 2.55.1 Affected: 2.55.2 Affected: 2.55.3 Affected: 2.55.4 Unaffected: 2.56.0 |
Credits
h3nrrrych4u (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3816",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T17:25:13.478167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T17:25:37.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SonarQubeParser/MSDefenderParser"
],
"product": "DefectDojo",
"vendor": "OWASP",
"versions": [
{
"status": "affected",
"version": "2.55.0"
},
{
"status": "affected",
"version": "2.55.1"
},
{
"status": "affected",
"version": "2.55.2"
},
{
"status": "affected",
"version": "2.55.3"
},
{
"status": "affected",
"version": "2.55.4"
},
{
"status": "unaffected",
"version": "2.56.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h3nrrrych4u (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T11:02:10.662Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349782 | OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349782"
},
{
"name": "VDB-349782 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349782"
},
{
"name": "Submit #769524 | OWASP DefectDojo \u003c= 2.55.4 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769524"
},
{
"tags": [
"related"
],
"url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/pull/14408"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md#supporting-materialreferences"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/commit/e8f1e5131535b8fd80a7b1b3085d676295fdcd41"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.56.0"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-08T18:28:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3816",
"datePublished": "2026-03-09T11:02:10.662Z",
"dateReserved": "2026-03-08T17:23:16.744Z",
"dateUpdated": "2026-03-09T17:25:37.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48171 (GCVE-0-2023-48171)
Vulnerability from nvd – Published: 2024-08-12 00:00 – Updated: 2024-08-13 18:29
VLAI?
Summary
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:owasp:defectdojo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "defectdojo",
"vendor": "owasp",
"versions": [
{
"lessThan": "1.5.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:26:08.493674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:29:24.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:16:16.417Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gccybermonks.com/posts/defectdojo/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48171",
"datePublished": "2024-08-12T00:00:00.000Z",
"dateReserved": "2023-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-13T18:29:24.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-3816 (GCVE-0-2026-3816)
Vulnerability from cvelistv5 – Published: 2026-03-09 11:02 – Updated: 2026-03-09 17:25 X_Open Source
VLAI?
Title
OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service
Summary
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.
Severity ?
CWE
- CWE-404 - Denial of Service
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| OWASP | DefectDojo |
Affected:
2.55.0
Affected: 2.55.1 Affected: 2.55.2 Affected: 2.55.3 Affected: 2.55.4 Unaffected: 2.56.0 |
Credits
h3nrrrych4u (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3816",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-09T17:25:13.478167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T17:25:37.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SonarQubeParser/MSDefenderParser"
],
"product": "DefectDojo",
"vendor": "OWASP",
"versions": [
{
"status": "affected",
"version": "2.55.0"
},
{
"status": "affected",
"version": "2.55.1"
},
{
"status": "affected",
"version": "2.55.2"
},
{
"status": "affected",
"version": "2.55.3"
},
{
"status": "affected",
"version": "2.55.4"
},
{
"status": "unaffected",
"version": "2.56.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "h3nrrrych4u (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-404",
"description": "Denial of Service",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-09T11:02:10.662Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-349782 | OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.349782"
},
{
"name": "VDB-349782 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.349782"
},
{
"name": "Submit #769524 | OWASP DefectDojo \u003c= 2.55.4 Denial of Service",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769524"
},
{
"tags": [
"related"
],
"url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/pull/14408"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/henrrrychau/cve-bug-bounty/blob/main/dfdj_zip_bomb_dos_oom/dfdj_zip_bomb_dos_oom.md#supporting-materialreferences"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/commit/e8f1e5131535b8fd80a7b1b3085d676295fdcd41"
},
{
"tags": [
"patch"
],
"url": "https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.56.0"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-03-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-08T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-08T18:28:26.000Z",
"value": "VulDB entry last update"
}
],
"title": "OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-3816",
"datePublished": "2026-03-09T11:02:10.662Z",
"dateReserved": "2026-03-08T17:23:16.744Z",
"dateUpdated": "2026-03-09T17:25:37.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-48171 (GCVE-0-2023-48171)
Vulnerability from cvelistv5 – Published: 2024-08-12 00:00 – Updated: 2024-08-13 18:29
VLAI?
Summary
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:owasp:defectdojo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "defectdojo",
"vendor": "owasp",
"versions": [
{
"lessThan": "1.5.3.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-48171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T18:26:08.493674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T18:29:24.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:16:16.417Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gccybermonks.com/posts/defectdojo/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-48171",
"datePublished": "2024-08-12T00:00:00.000Z",
"dateReserved": "2023-11-13T00:00:00.000Z",
"dateUpdated": "2024-08-13T18:29:24.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2023-48171
Vulnerability from fkie_nvd - Published: 2024-08-12 20:15 - Updated: 2024-09-18 18:54
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://gccybermonks.com/posts/defectdojo/ | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| owasp | defectdojo | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:owasp:defectdojo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A57B9490-38A1-4F96-B1F3-9B69F9060C56",
"versionEndExcluding": "1.5.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component."
},
{
"lang": "es",
"value": "Un problema en OWASP DefectDojo anterior a v.1.5.3.1 permite a un atacante remoto escalar privilegios a trav\u00e9s del componente de permisos de usuario."
}
],
"id": "CVE-2023-48171",
"lastModified": "2024-09-18T18:54:08.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-08-12T20:15:08.213",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://gccybermonks.com/posts/defectdojo/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}