Lucene search

GitHub Advisory DatabaseGHSA-9RHQ-86FM-QXQC

HistoryJan 20, 2024 - 12:30 a.m.

Hard-coded credentials in org.folio:mod-data-export-spring

2024-01-2000:30:27

CWE-798

GitHub Advisory Database

github.com

credentials

vulnerability

folio

software

unauthenticated users

apis

user data

configurations

single-sign-on

fees/fines

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.6%

JSON

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

Affected configurations

Vulners

Node

openlibraryfoundationmod-data-export-springRange2.0.0≥

openlibraryfoundationmod-data-export-springRange<3.0.0

openlibraryfoundationmod-data-export-springRange<1.5.4

CPENameOperatorVersion
org.folio:mod-data-export-springge2.0.0
org.folio:mod-data-export-springlt3.0.0
org.folio:mod-data-export-springlt1.5.4

Name	Operator	Version
org.folio:mod-data-export-spring	ge	2.0.0
org.folio:mod-data-export-spring	lt	3.0.0
org.folio:mod-data-export-spring	lt	1.5.4

References

github.com/advisories/GHSA-9rhq-86fm-qxqc

github.com/advisories/GHSA-vf78-3q9f-92g3

github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446

github.com/folio-org/mod-data-export-spring/commit/cb6785565067a2a90c1e2250c241e5b23214c691

github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3

nvd.nist.gov/vuln/detail/CVE-2024-23687

vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3

wiki.folio.org/x/hbMMBw

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

51.6%

JSON

Related for GHSA-9RHQ-86FM-QXQC