Lucene search

GoogleOSV:CVE-2024-23687

HistoryJan 19, 2024 - 10:15 p.m.

CVE-2024-23687

2024-01-1922:15:08

Google

osv.dev

folio

mod-data-export-spring

hard-coded credentials

unauthorized access

data manipulation

apis

configurations

single-sign-on

fees/fines

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

CPENameOperatorVersion
mod-data-export-springeq1.1.1
mod-data-export-springeq1.0.1
mod-data-export-springeq1.0.2
mod-data-export-springeq1.1.0
mod-data-export-springeq1.1.2
mod-data-export-springeq1.0.3
mod-data-export-springeq1.0.4
mod-data-export-springeq1.0.5
mod-data-export-springeq1.1.3
mod-data-export-springeq1.2.0

Name	Operator	Version
mod-data-export-spring	eq	1.1.1
mod-data-export-spring	eq	1.0.1
mod-data-export-spring	eq	1.0.2
mod-data-export-spring	eq	1.1.0
mod-data-export-spring	eq	1.1.2
mod-data-export-spring	eq	1.0.3
mod-data-export-spring	eq	1.0.4
mod-data-export-spring	eq	1.0.5
mod-data-export-spring	eq	1.1.3
mod-data-export-spring	eq	1.2.0

References

github.com/advisories/GHSA-vf78-3q9f-92g3

github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446

github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3

vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3

wiki.folio.org/x/hbMMBw

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

9.3 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

Related for OSV:CVE-2024-23687