Description
Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.
References
- Release Notes
- Exploit, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.19.0 (excluding)
cpe:2.3:a:signalk:signal_k_server:*:*:*:*:*:*:*:*
EPSS: 0.00039 (percentile: 12%, Low)
CVSS3: 5.3 Medium
Weaknesses
CWE-200
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 5.3
github
about 1 month ago
Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints