CVE-2023-44312 - OpenCVE

Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects Apache ServiceComb Service-Center before 2.1.0 (include). Users are recommended to upgrade to version 2.2.0, which fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Servicecomb

Configuration 1 [-]

cpe:2.3:a:apache:servicecomb:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/01/31/5
https://lists.apache.org/thread/dkvlgnrmc17qzjdy9k0cr60wpzcssk1s

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-01-31T08:49:12.741Z

Updated: 2024-08-02T19:59:51.946Z

Reserved: 2023-09-28T13:17:47.537Z

Link: CVE-2023-44312

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-31T09:15:43.693

Modified: 2024-02-08T17:08:11.110

Link: CVE-2023-44312

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-44312", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-09-28T13:17:47.537Z", "datePublished": "2024-01-31T08:49:12.741Z", "dateUpdated": "2024-08-02T19:59:51.946Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache ServiceComb Service-Center", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.1.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "\u82cf \u5b89 <suanwell@hotmail.com>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.<p>This issue affects \n\nApache ServiceComb Service-Center\n\n before 2.1.0 (include).</p><p>Users are recommended to upgrade to version 2.2.0, which fixes the issue.</p>"}], "value": "Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects \n\nApache ServiceComb Service-Center\n\n before 2.1.0 (include).\n\nUsers are recommended to upgrade to version 2.2.0, which fixes the issue.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-01-31T08:49:12.741Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/dkvlgnrmc17qzjdy9k0cr60wpzcssk1s"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/31/5"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache ServiceComb Service-Center: attacker can query all environment variables of the service-center server", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:59:51.946Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/dkvlgnrmc17qzjdy9k0cr60wpzcssk1s"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/31/5", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:servicecomb:*:*:*:*:*:*:*:*", "matchCriteriaId": "42A1CA41-0FBA-401D-BDCB-86E169C784E1", "versionEndExcluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects \n\nApache ServiceComb Service-Center\n\n before 2.1.0 (include).\n\nUsers are recommended to upgrade to version 2.2.0, which fixes the issue.\n\n"}, {"lang": "es", "value": "Exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Apache ServiceComb Service-Center. Este problema afecta a Apache ServiceComb Service-Center anterior a 2.1.0 (incluido). Se recomienda a los usuarios actualizar a la versi\u00f3n 2.2.0, que soluciona el problema."}], "id": "CVE-2023-44312", "lastModified": "2024-02-08T17:08:11.110", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@apache.org", "type": "Secondary"}]}, "published": "2024-01-31T09:15:43.693", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/31/5"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.apache.org/thread/dkvlgnrmc17qzjdy9k0cr60wpzcssk1s"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@apache.org", "type": "Secondary"}]}