Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zNDdmLXJ4ZzgtcWdyds4AAx_5
Easy!Appointments uses hard-coded credentials
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments 1.4.3 and prior. A patch is available and anticipated to be part of version 1.5.0.
Permalink: https://github.com/advisories/GHSA-347f-rxg8-qgrvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNDdmLXJ4ZzgtcWdyds4AAx_5
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-347f-rxg8-qgrv, CVE-2023-1269
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-1269
- https://github.com/alextselegidis/easyappointments/commit/2731d2f17c5140c562426b857e9f5d63da5c4593
- https://huntr.dev/bounties/91c31eb6-024d-4ad3-88fe-f15b03fd20f5
- https://github.com/advisories/GHSA-347f-rxg8-qgrv
Blast Radius: 1.0
Affected Packages
packagist:alextselegidis/easyappointments
Dependent packages: 0Dependent repositories: 0
Downloads: 228 total
Affected Version Ranges: <= 1.4.3
No known fixed version
All affected versions: 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.4.3