CVE-2023-51650 Vulnerability Details

  /     /     /  

CVE-2023-51650 Metadata Quick Info

CVE Published: 22/12/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: GitHub_M | Vendor: dromara | Product: hertzbeat
Status : PUBLISHED

CVE-2023-51650 Description

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* NONE
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-862
CWE Name: CWE-862: Missing Authorization
Source: dromara

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).