CVE-2023-51650

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

H

ertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.

References

Link	Resource
https://github.com/dromara/hertzbeat/releases/tag/v1.4.1	Release Notes
https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2	Exploit Vendor Advisory
https://github.com/dromara/hertzbeat/releases/tag/v1.4.1	Release Notes
https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:38

Type	Values Removed	Values Added
References	~~() https://github.com/dromara/hertzbeat/releases/tag/v1.4.1 - Release Notes~~	() https://github.com/dromara/hertzbeat/releases/tag/v1.4.1 - Release Notes
References	~~() https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2 - Exploit, Vendor Advisory~~	() https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2 - Exploit, Vendor Advisory

28 Aug 2024, 15:44

Type	Values Removed	Values Added
First Time		Apache Apache hertzbeat
CPE	cpe:2.3:a:dromara:hertzbeat::::::::	cpe:2.3:a:apache:hertzbeat::::::::

Information

Published : 2023-12-22 21:15

Updated : 2024-11-21 08:38

NVD link : CVE-2023-51650

Mitre link : CVE-2023-51650

CVE.ORG link : CVE-2023-51650

JSON object : View

Products Affected

hertzbeat

CWE

CWE-862

Missing Authorization

{"id": "CVE-2023-51650", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-22T21:15:09.503", "references": [{"url": "https://github.com/dromara/hertzbeat/releases/tag/v1.4.1", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/dromara/hertzbeat/releases/tag/v1.4.1", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.\n"}, {"lang": "es", "value": "Hertzbeat es un sistema de monitoreo en tiempo real de c\u00f3digo abierto. Antes de la versi\u00f3n 1.4.1, los problemas de configuraci\u00f3n de permisos de Spring Boot provocaban vulnerabilidades de acceso no autorizado a tres interfaces. Esto podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n confidencial del servidor. La versi\u00f3n 1.4.1 soluciona este problema."}], "lastModified": "2024-11-21T08:38:32.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B4E8400-424B-4FCB-81C8-5D559B146130", "versionEndExcluding": "1.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}