Lucene search

[email protected]CVE-2023-51650

HistoryDec 22, 2023 - 9:15 p.m.

CVE-2023-51650

2023-12-2221:15:09

CWE-862

[email protected]

web.nvd.nist.gov

hertzbeat

open source

monitoring system

unauthorized access

disclosure

sensitive information

cve-2023-51650

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.0%

JSON

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.

Affected configurations

Vulners

NVD

Node

dromarahertzbeatRange<1.4.1

VendorProductVersionCPE
dromarahertzbeat*cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dromara	hertzbeat	*	cpe:2.3:a:dromara:hertzbeat::::::::

CNA Affected

[
  {
    "vendor": "dromara",
    "product": "hertzbeat",
    "versions": [
      {
        "version": "< 1.4.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/dromara/hertzbeat/releases/tag/v1.4.1

github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.0%

JSON

Related for CVE-2023-51650

nvd1 osv1 prion1 cvelist1