PT-2023-29279 · Mycli+1 · Mycli+1

Gxx777

Publicado

2023-10-19

Atualizado

2023-10-25

CVE-2023-44690

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions mycli version 1.27.0

Description The issue is related to inadequate encryption strength, allowing attackers to view sensitive information. This can be done via the /mycli/config.py endpoint.

Recommendations For mycli version 1.27.0, consider updating to a newer version that addresses the inadequate encryption strength issue. As a temporary workaround, restrict access to the /mycli/config.py endpoint to minimize the risk of exploitation.

Exploit

Correção

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

CVE-2023-44690

GHSA-V9VJ-9PXV-MR2W

PYSEC-2023-213

Produtos afetados

Debian

Mycli

PT-2023-29279 · Mycli+1 · Mycli+1

CVE-2023-44690

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15