{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5587", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-06-01T17:15:45.189Z", "datePublished": "2024-06-02T10:00:07.703Z", "dateUpdated": "2024-08-20T13:47:48.501Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-02T10:00:07.703Z"}, "title": "Casdoor Configuration File app.conf file access", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-552", "lang": "en", "description": "CWE-552 Files or Directories Accessible"}]}], "affected": [{"vendor": "n/a", "product": "Casdoor", "versions": [{"version": "1.335", "status": "affected"}], "modules": ["Configuration File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in Casdoor bis 1.335.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /conf/app.conf der Komponente Configuration File Handler. Dank der Manipulation mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-06-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-06-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-06-01T19:21:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "XbnWa (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.266838", "name": "VDB-266838 | Casdoor Configuration File app.conf file access", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.266838", "name": "VDB-266838 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.343357", "name": "Submit #343357 | https://casdoor.org/ Casdoor <= v1.335.0 Unprotected Confidential Information on Device is Accessible by", "tags": ["third-party-advisory"]}, {"url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.500Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.266838", "name": "VDB-266838 | Casdoor Configuration File app.conf file access", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.266838", "name": "VDB-266838 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.343357", "name": "Submit #343357 | https://casdoor.org/ Casdoor <= v1.335.0 Unprotected Confidential Information on Device is Accessible by", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0", "tags": ["exploit", "x_transferred"]}]}, {"affected": [{"vendor": "casbin", "product": "casdoor", "cpes": ["cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.335", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-20T13:43:22.313467Z", "id": "CVE-2024-5587", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T13:47:48.501Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.266838", "name": "VDB-266838 | Casdoor Configuration File app.conf file access", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.266838", "name": "VDB-266838 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.343357", "name": "Submit #343357 | https://casdoor.org/ Casdoor <= v1.335.0 Unprotected Confidential Information on Device is Accessible by", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:18:06.500Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-5587", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-20T13:43:22.313467Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:casbin:casdoor:*:*:*:*:*:*:*:*"], "vendor": "casbin", "product": "casdoor", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.335"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-20T13:46:01.660Z"}}], "cna": {"title": "Casdoor Configuration File app.conf file access", "credits": [{"lang": "en", "type": "reporter", "value": "XbnWa (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "affected": [{"vendor": "n/a", "modules": ["Configuration File Handler"], "product": "Casdoor", "versions": [{"status": "affected", "version": "1.335"}]}], "timeline": [{"lang": "en", "time": "2024-06-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-06-01T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-06-01T19:21:13.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.266838", "name": "VDB-266838 | Casdoor Configuration File app.conf file access", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.266838", "name": "VDB-266838 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.343357", "name": "Submit #343357 | https://casdoor.org/ Casdoor <= v1.335.0 Unprotected Confidential Information on Device is Accessible by", "tags": ["third-party-advisory"]}, {"url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in Casdoor bis 1.335.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /conf/app.conf der Komponente Configuration File Handler. Dank der Manipulation mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-552", "description": "CWE-552 Files or Directories Accessible"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-02T10:00:07.703Z"}}}, "cveMetadata": {"cveId": "CVE-2024-5587", "state": "PUBLISHED", "dateUpdated": "2024-08-20T13:47:48.501Z", "dateReserved": "2024-06-01T17:15:45.189Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-06-02T10:00:07.703Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Casdoor hasta 1.335.0. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /conf/app.conf del componente Configuration File Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a archivos o directorios accesibles. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-266838 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-5587", "lastModified": "2024-06-03T14:46:24.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-06-02T10:15:07.427", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.266838"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.266838"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.343357"}, {"source": "cna@vuldb.com", "url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}