Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1oODU1LTZocGgtdjM2M84AAyVZ
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module.
Permalink: https://github.com/advisories/GHSA-h855-6hph-v363JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oODU1LTZocGgtdjM2M84AAyVZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-h855-6hph-v363, CVE-2023-27096
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-27096
- https://github.com/opengoofy/hippo4j/issues/1060
- https://github.com/advisories/GHSA-h855-6hph-v363
Blast Radius: 1.0
Affected Packages
maven:cn.hippo4j:hippo4j-all
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: <= 1.4.3
No known fixed version
All affected versions: 0.0.1, 0.9.0, 1.0.0, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3