Lucene search
INCIBECVE-2024-2725HistoryMar 22, 2024 - 2:15 p.m.
CVE-2024-2725
2024-03-2214:15:10
CWE-200
INCIBE
web.nvd.nist.gov
27
cve-2024-2725
information exposure
cigesv2
remote attacker
vendor
composer
installed packages
nvd
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.0%
Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application.
Affected configurations
Node
cigescigesv2Range≤CIGESv2
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "CIGESv2",
"vendor": "Ciges",
"versions": [
{
"status": "affected",
"version": "CIGESv2"
}
]
}
]
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0
Percentile
9.0%
Related for CVE-2024-2725