CVE-2023-6554 - OpenCVE

When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tecnick	Tcexam

Configuration 1 [-]

cpe:2.3:a:tecnick:tcexam:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cert.pl/en/posts/2024/01/CVE-2023-6554/
https://cert.pl/posts/2024/01/CVE-2023-6554/
https://tcexam.org/

History

No history.

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-01-11T15:17:23.523Z

Updated: 2024-08-02T08:35:14.736Z

Reserved: 2023-12-06T13:46:33.216Z

Link: CVE-2023-6554

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-01-11T16:15:54.300

Modified: 2024-01-18T17:35:46.637

Link: CVE-2023-6554

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6554", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2023-12-06T13:46:33.216Z", "datePublished": "2024-01-11T15:17:23.523Z", "dateUpdated": "2024-08-02T08:35:14.736Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "TCExam", "repo": "https://github.com/tecnickcom/tcexam", "vendor": "Tecnick.com", "versions": [{"lessThan": "15.1.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Krzysztof Zaj\u0105c (CERT.PL)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>When access to the \"admin\" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.<br></div><br>"}], "value": "When access to the \"admin\" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers.\n\n\n\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-01-11T15:17:23.523Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6554/"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6554/"}, {"tags": ["product"], "url": "https://tcexam.org/"}], "source": {"discovery": "UNKNOWN"}, "title": "Missing authorisation in TCExam", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:35:14.736Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/01/CVE-2023-6554/"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/01/CVE-2023-6554/"}, {"tags": ["product", "x_transferred"], "url": "https://tcexam.org/"}]}]}}