Lucene search

Veracode Vulnerability DatabaseVERACODE:42839

HistoryAug 18, 2023 - 1:53 a.m.

Improper Access Control

2023-08-1801:53:37

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

maven-artifact-choicelistprovider

improper access control

credentials lookup

attacker

permission

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

18.1%

JSON

maven-artifact-choicelistprovider is vulnerable to Improper Access Control. The vulnerability exists because the library does not set the appropriate context for credentials lookup, which allows an attacker with Item or Configure permission to access and capture credentials they are not entitled to.

CPENameOperatorVersion
maven artifact choicelistprovider (nexus)le1.14
maven artifact choicelistprovider (nexus)le1.14

CPE	Name	Operator	Version
	maven artifact choicelistprovider (nexus)	le	1.14
	maven artifact choicelistprovider (nexus)	le	1.14

References

www.openwall.com/lists/oss-security/2023/08/16/3

github.com/advisories/GHSA-97mg-9jhf-r7rm

www.jenkins.io/security/advisory/2023-08-16/#SECURITY-3153

www.openwall.com/lists/oss-security/2023/08/16/3

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for VERACODE:42839