CVE-2024-5587 - OpenCVE

Link	Resource
https://vuldb.com/?ctiid.266838
https://vuldb.com/?id.266838
https://vuldb.com/?submit.343357
https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-5587", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-06-01T17:15:45.189Z", "datePublished": "2024-06-02T10:00:07.703Z", "dateUpdated": "2024-06-02T10:00:07.703Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-06-02T10:00:07.703Z"}, "title": "Casdoor Configuration File app.conf file access", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-552", "lang": "en", "description": "CWE-552 Files or Directories Accessible"}]}], "affected": [{"vendor": "n/a", "product": "Casdoor", "versions": [{"version": "1.335", "status": "affected"}], "modules": ["Configuration File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in Casdoor bis 1.335.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /conf/app.conf der Komponente Configuration File Handler. Dank der Manipulation mit unbekannten Daten kann eine files or directories accessible-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "timeline": [{"time": "2024-06-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-06-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-06-01T19:21:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "XbnWa (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.266838", "name": "VDB-266838 | Casdoor Configuration File app.conf file access", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.266838", "name": "VDB-266838 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.343357", "name": "Submit #343357 | https://casdoor.org/ Casdoor <= v1.335.0 Unprotected Confidential Information on Device is Accessible by", "tags": ["third-party-advisory"]}, {"url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0", "tags": ["exploit"]}]}}}

{"descriptions": [{"lang": "en", "value": "A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic. Affected is an unknown function of the file /conf/app.conf of the component Configuration File Handler. The manipulation leads to files or directories accessible. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266838 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Casdoor hasta 1.335.0. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /conf/app.conf del componente Configuration File Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a archivos o directorios accesibles. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-266838 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-5587", "lastModified": "2024-06-03T14:46:24.250", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-06-02T10:15:07.427", "references": [{"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.266838"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.266838"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.343357"}, {"source": "cna@vuldb.com", "url": "https://www.yuque.com/yuqueyonghunhj6tg/ygf5oy/wkwg66pioe4f5av0"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-552"}], "source": "cna@vuldb.com", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

JSON object

JSON object

JSON object