CVE-2019-0182

Name of the Vulnerable Software and Affected Versions Open Cloud Integrity Technology (affected versions not specified) OpenAttestation (affected versions not specified)

Description The issue is related to insufficient password protection in the attestation database for Open CIT, which may allow an authenticated user to potentially enable information disclosure via local access. Additionally, there are errors in path name restriction to a restricted directory, which can be exploited to disclose protected information.

Recommendations For Open Cloud Integrity Technology, ensure proper password protection is in place for the attestation database to prevent information disclosure. For OpenAttestation, consider implementing stricter access controls to the restricted directory to mitigate the risk of information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.