Описание
OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account password for the windomain package.
EPSS
Процентиль: 16%
0.00051
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-200
Связанные уязвимости
CVSS3: 9.8
github
5 месяцев назад
OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account password for the windomain package.
EPSS
Процентиль: 16%
0.00051
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-200