All the vulnerabilites related to Jubei Inc. - JB Inquiry form
jvndb-2023-000034
Vulnerability from jvndb
Published
2023-04-14 15:48
Modified
2024-05-29 16:44
Severity ?
Summary
JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor
Details
JB Inquiry form provided by Jubei Inc. contains an exposure of private personal information to an unauthorized actor vulnerability (CWE-359).
Yuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN36340790/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-27510 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-27510 | |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000034.html",
"dc:date": "2024-05-29T16:44+09:00",
"dcterms:issued": "2023-04-14T15:48+09:00",
"dcterms:modified": "2024-05-29T16:44+09:00",
"description": "JB Inquiry form provided by Jubei Inc. contains an exposure of private personal information to an unauthorized actor vulnerability (CWE-359).\r\n\r\nYuji Tounai of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000034.html",
"sec:cpe": [
{
"#text": "cpe:/a:jubei:jb_inquiry_form",
"@product": "JB Inquiry Form",
"@vendor": "Jubei Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:jubei:jb_inquiry_form",
"@product": "JB Inquiry Form",
"@vendor": "Jubei Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:jubei:jb_inquiry_form",
"@product": "JB Inquiry Form",
"@vendor": "Jubei Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:jubei:jb_inquiry_form",
"@product": "JB Inquiry Form",
"@vendor": "Jubei Inc.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000034",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN36340790/index.html",
"@id": "JVN#36340790",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-27510",
"@id": "CVE-2023-27510",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27510",
"@id": "CVE-2023-27510",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor"
}
cve-2023-27510
Vulnerability from cvelistv5
Published
2023-05-10 00:00
Modified
2024-08-02 12:16
Severity ?
EPSS score ?
Summary
JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Jubei Inc. | JB Inquiry form |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:16:35.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://jubei.co.jp/formmail/info20230414.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN36340790/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JB Inquiry form",
"vendor": "Jubei Inc.",
"versions": [
{
"status": "affected",
"version": "versions 0.6.1 and 0.6.0, versions 0.5.2, 0.5.1, and 0.5.0, and version 0.40"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of private personal information to an unauthorized actor",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T00:00:00",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jubei.co.jp/formmail/info20230414.html"
},
{
"url": "https://jvn.jp/en/jp/JVN36340790/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-27510",
"datePublished": "2023-05-10T00:00:00",
"dateReserved": "2023-03-15T00:00:00",
"dateUpdated": "2024-08-02T12:16:35.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}