PT-2020-17063 · Openclinic · Openclinic

Gerben Kleijn

·

Published

2020-12-03

·

Updated

2021-07-21

·

CVE-2020-28937

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OpenClinic version 0.8.2

Description

A missing authentication check allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application. The results are returned in response to a direct request for the "/tests/" URI, with no check for a logged-in session before they are served.

Recommendations

For OpenClinic version 0.8.2, restrict access to the "/tests/" URI at the web server (for example, deny all direct requests to that directory) until a patched version is available; this is a temporary workaround, not a fix. The fix itself is to enforce the application's own authentication on every request for patient test results, so that a result file is only returned to a logged-in user who is authorized to view that patient's records, instead of being served as static content that anyone can fetch.
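The following is an added example and is not code from OpenClinic or from the advisory author. It shows, for both the description and the recommendation above, what the missing check looks like when it is put back: result files are moved out of the document root into a directory named by the assumed constant `TEST_RESULTS_DIR`, and a PHP gatekeeper becomes the only way to read them. The session key `user_id`, the function name `authorize_test_download`, and the `$fileOwner` and `$assignments` tables are assumptions standing in for OpenClinic's own session handling and database; none of these names are the project's.

```php
<?php
// Added example, not OpenClinic code. The vulnerable pattern behind
// CVE-2020-28937 is a web-readable tests/ directory whose files any client
// can fetch with a plain GET. Here the files live outside the web root and
// every read passes through authentication, input validation, authorization
// and path canonicalisation.
declare(strict_types=1);

// Assumption: result files were moved out of the document root to this path,
// so the web server cannot serve them without this script.
const TEST_RESULTS_DIR = '/var/lib/openclinic-private/tests';

/**
 * Decide whether $session may read $requestedName.
 *
 * $fileOwner   maps a stored file name to the patient id it belongs to.
 * $assignments maps a user id to the patient ids that user may view.
 * Both tables are assumptions standing in for the application's database.
 *
 * Returns [HTTP status, absolute path or null].
 */
function authorize_test_download(array $session, string $requestedName,
                                 array $fileOwner, array $assignments,
                                 string $baseDir = TEST_RESULTS_DIR): array
{
    // 1. Authentication: the check the vulnerable version lacks. No session,
    //    no file. 401 rather than a redirect, so a login page is never
    //    mistaken for the document.
    if (empty($session['user_id'])) {
        return [401, null];
    }
    $userId = (int) $session['user_id'];

    // 2. Accept only a bare file name: no separators, and nothing starting
    //    with a dot, which also rules out "..".
    if ($requestedName === '' || $requestedName !== basename($requestedName)
        || !preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $requestedName)) {
        return [400, null];
    }

    // 3. Authorization: the file must belong to a patient this user may view.
    //    Unknown files and unassigned patients both yield 404 so that file
    //    existence is not disclosed to users who are not entitled to it.
    $patientId = $fileOwner[$requestedName] ?? null;
    if ($patientId === null || !in_array($patientId, $assignments[$userId] ?? [], true)) {
        return [404, null];
    }

    // 4. Canonicalise and confirm the resolved path is still inside the store.
    //    realpath() follows symlinks, so a link planted in the store that
    //    points elsewhere resolves outside $base and is rejected here.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requestedName);
    if ($base === false || $path === false || !is_file($path)
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return [404, null];
    }
    return [200, $path];
}

// Request handler. The two tables below are constructed sample data that
// stand in for database lookups.
session_start();
$fileOwner   = ['blood-2020-11-02.pdf' => 17, 'xray-2020-11-05.jpg' => 42];
$assignments = [3 => [17], 5 => [17, 42]];
$messages    = [400 => 'bad file name', 401 => 'authentication required', 404 => 'not found'];

[$status, $path] = authorize_test_download($_SESSION, $_GET['file'] ?? '', $fileOwner, $assignments);
http_response_code($status);
if ($status !== 200) {
    header('Content-Type: text/plain');
    exit($messages[$status]);
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Two points about deploying this pattern. The old web-readable directory must actually go away (or be denied at the web server), otherwise the gatekeeper is simply bypassed by requesting the file the old way; after the change, an unauthenticated request for the "/tests/" URI, sent without any session cookie, should return a 401, 403 or 404 and never a 200 with a directory listing or file body. And step 3 is what distinguishes a fix from the workaround: requiring a login alone stops anonymous access, but without the per-patient check any logged-in user could still read every other patient's results.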

Weakness Enumeration

Missing Authentication

Related Identifiers

CVE-2020-28937

Affected Products

Openclinic