Lucene search

MitreCVELIST:CVE-2023-31056

HistoryApr 24, 2023 - 12:00 a.m.

CVE-2023-31056

2023-04-2400:00:00

mitre

www.cve.org

cve-2023-31056

cloverdx

password logging

audit log

single sign-on

fixed versions

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x.

References

support1.cloverdx.com/hc/en-us/articles/8484869595164-Security-advisory-April-2023

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.2%

JSON

Related for CVELIST:CVE-2023-31056