CVE-2023-27096 – cn.hippo4j:hippo4j-all
Package
Manager: maven
Name: cn.hippo4j:hippo4j-all
Vulnerable Version: >=0 <=1.4.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00117 (percentile 0.31178)
Details
Hippo4j allows an attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module.
An Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows an attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module.
Metadata
Created: 2023-03-27T15:30:17Z
Modified: 2023-03-31T22:43:40Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-h855-6hph-v363/GHSA-h855-6hph-v363.json
CWE IDs: ["CWE-732"]
Alternative ID: GHSA-h855-6hph-v363
Finding: F039
Auto approve: 1