CVE-2023-23584

Опубликовано: 18 дек. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable.

This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.

Ссылки

https://security.gallagher.com/Security-Advisories/CVE-2023-23584
Vendor Advisory
https://security.gallagher.com/Security-Advisories/CVE-2023-23584
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия до 8.50 (включая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.60 (включая) до 8.60.2039 (исключая)

cpe:2.3:a:gallagher:command_centre:*:*:*:*:*:*:*:*

Версия от 8.70 (включая) до 8.70.1787 (исключая)

EPSS

Процентиль: 38%

0.00168

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-204

CWE-203

Связанные уязвимости

GHSA-wmhc-qw7c-4774

CVSS3: 4.3

github

около 2 лет назад

An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior.

EPSS

Процентиль: 38%

0.00168

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-204

CWE-203