Information disclosure

2008-08-1919:41:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

JSON

Harmoni before 1.6.0 does not require administrative privileges to list (1) user names or (2) asset ids, which allows remote attackers to obtain sensitive information.

CPENameOperatorVersion
harmonieq0.7.2
harmonieq0.2.0
harmonieq1.0.2
harmonieq1.3.0
harmonieq0.3.2
harmonieq1.0.3
harmonieq0.7.0
harmonieq1.1.0
harmonieq1.3.4
harmonieq0.7.6

Name	Operator	Version
harmoni	eq	0.7.2
harmoni	eq	0.2.0
harmoni	eq	1.0.2
harmoni	eq	1.3.0
harmoni	eq	0.3.2
harmoni	eq	1.0.3
harmoni	eq	0.7.0
harmoni	eq	1.1.0
harmoni	eq	1.3.4
harmoni	eq	0.7.6

Rows per page:

1-10 of 451

References

secunia.com/advisories/31503

sourceforge.net/project/shownotes.php?release_id=619864

sourceforge.net/tracker/index.php?func=detail&aid=2040324&group_id=82171&atid=1098812

www.securityfocus.com/bid/30706

exchange.xforce.ibmcloud.com/vulnerabilities/44485