The api /api/snapshot and /api/get_log_file would allow unauthenticated access.
It could allow a DoS attack or get arbitrary files from FE node.
Please upgrade to 2.0.3 to fix these issues.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 20 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-11-20T18:11:21.234Z

Reserved: 2023-08-28T15:52:14.092Z

Link: CVE-2023-41314

cve-icon Vulnrichment

Updated: 2024-08-02T18:54:05.185Z

cve-icon NVD

Status : Modified

Published: 2023-12-18T09:15:05.667

Modified: 2024-11-21T08:21:03.213

Link: CVE-2023-41314

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.