Lucene search

K
githubGitHub Advisory DatabaseGHSA-9RHQ-86FM-QXQC
HistoryJan 20, 2024 - 12:30 a.m.

Hard-coded credentials in org.folio:mod-data-export-spring

2024-01-2000:30:27
CWE-798
GitHub Advisory Database
github.com
7
credentials
vulnerability
folio
software
unauthenticated users
apis
user data
configurations
single-sign-on
fees/fines

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7

Confidence

Low

EPSS

0.002

Percentile

51.5%

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

Affected configurations

Vulners
Node
org.foliomod-data-export-springRange2.0.03.0.0
OR
org.foliomod-data-export-springRange<1.5.4
VendorProductVersionCPE
org.foliomod-data-export-spring*cpe:2.3:a:org.folio:mod-data-export-spring:*:*:*:*:*:*:*:*

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

7

Confidence

Low

EPSS

0.002

Percentile

51.5%

Related for GHSA-9RHQ-86FM-QXQC