exploitDog

CVE-2024-58320

Опубликовано: 18 дек. 2025

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details.

Ссылки

https://devnet.kentico.com/download/hotfixes
Product
https://www.vulncheck.com/advisories/kentico-xperience-authentication-information-disclosure
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kentico:xperience:*:*:*:*:*:*:*:*

Версия до 13.0.159 (включая)

EPSS

Процентиль: 23%

0.00076

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-497

Связанные уязвимости

GHSA-chq4-5285-wpm4

CVSS3: 5.3

github

около 2 месяцев назад

An information disclosure vulnerability in Kentico Xperience allows public users to access sensitive administration interface hostname details during authentication. Attackers can retrieve confidential hostname configuration information through a public endpoint, potentially exposing internal network details.

EPSS

Процентиль: 23%

0.00076

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-497