CVE-2023-37468
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
5.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| thm:feedbacksystem | thm feedbacksystem | lt | 1.9.2 |
CNA Affected
[
{
"vendor": "thm-mni-ii",
"product": "feedbacksystem",
"versions": [
{
"version": ">= 1.5.0, < 1.19.2",
"status": "affected"
}
]
}
]Related
6 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
5.5 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%