Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14Zzg5LXZ2d3AtOWMyN84AAyIz
Exposure of Sensitive Information in OpenGoofy Hippo4j
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.
Permalink: https://github.com/advisories/GHSA-xg89-vvwp-9c27JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Zzg5LXZ2d3AtOWMyN84AAyIz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-xg89-vvwp-9c27, CVE-2023-27095
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-27095
- https://github.com/opengoofy/hippo4j/issues/1061
- https://github.com/advisories/GHSA-xg89-vvwp-9c27
Blast Radius: 8.3
Affected Packages
maven:cn.hippo4j:hippo4j-core
Dependent packages: 7Dependent repositories: 19
Downloads:
Affected Version Ranges: <= 1.4.3
No known fixed version
All affected versions: 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3