exploitDog

GHSA-3fmg-j52q-2cm9

Опубликовано: 15 дек. 2021

Источник: github

Github: Не прошло ревью

CVSS3: 5.3

Описание

Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.

Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.

Ссылки

EPSS

Процентиль: 36%

0.0015

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-287

Связанные уязвимости

CVE-2021-36721

CVSS3: 4.4

nvd

около 4 лет назад

Sysaid API User Enumeration - Attacker sending requests to specific api path without any authorization before 21.3.60 version could get users names from the LDAP server.

EPSS

Процентиль: 36%

0.0015

Низкий

5.3 Medium

CVSS3

CVE ID

Дефекты

CWE-287