Lucene search

KNIMECVELIST:CVE-2023-2541

HistoryJun 07, 2023 - 8:08 a.m.

CVE-2023-2541 Sensitive information disclosure in KNIME Hub Web Application

2023-06-0708:08:50

CWE-200

KNIME

www.cve.org

cve-2023-2541

web application

sensitive information

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.8%

JSON

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "Web Application"
    ],
    "product": "KNIME Business Hub",
    "vendor": "KNIME",
    "versions": [
      {
        "lessThan": "1.4.0",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.knime.com/security/advisories#CVE-2023-2541

zigrin.com/advisories/knime-business-hub-sensitive-information-disclosure/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVELIST:CVE-2023-2541