CVE-2023-49112

{"id": "CVE-2023-49112", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-20T13:15:49.480", "references": [{"url": "https://r.sec-consult.com/kiuwan", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log", "source": "551230f0-3615-47bd-b7cc-93e92e730bbf"}, {"url": "http://seclists.org/fulldisclosure/2024/Jun/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://r.sec-consult.com/kiuwan", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kiuwan.com/docs/display/K5/%5B2024-05-30%5D+Change+Log", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Kiuwan provides an API endpoint\n\n/saas/rest/v1/info/application\n\nto get information about any \napplication, providing only its name via the \"application\" parameter. This endpoint lacks proper access \ncontrol mechanisms, allowing other authenticated users to read \ninformation about applications, even though they have not been granted \nthe necessary rights to do so.\n\n\n\nThis issue affects Kiuwan SAST: <master.1808.p685.q13371"}, {"lang": "es", "value": "Kiuwan proporciona un endpoint API /saas/rest/v1/info/application para obtener informaci\u00f3n sobre cualquier aplicaci\u00f3n, proporcionando solo su nombre a trav\u00e9s del par\u00e1metro \"application\". Este endpoint carece de mecanismos de control de acceso adecuados, lo que permite a otros usuarios autenticados leer informaci\u00f3n sobre las aplicaciones, aunque no se les hayan otorgado los derechos necesarios para hacerlo. Este problema afecta a Kiuwan SAST: "}], "lastModified": "2025-11-04T18:15:43.530", "sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf"}