PT-2023-20951 · Unknown · Opengoofy Hippo4J

Laoquanshi

Publicado

2023-03-23

Atualizado

2023-03-27

CVE-2023-27094

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenGoofy Hippo4j version 1.4.3

Description An issue in OpenGoofy Hippo4j allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module.

Recommendations For OpenGoofy Hippo4j version 1.4.3, consider restricting access to the ThreadPoolController in the tenant Management module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2023-27094

GHSA-FVX4-8H2X-GM9Q

Produtos afetados

Opengoofy Hippo4J

PT-2023-20951 · Unknown · Opengoofy Hippo4J

CVE-2023-27094

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7