PT-2023-20953 · Unknown · Opengoofy Hippo4J
Laoquanshi
·
Published
2023-03-27
·
Updated
2023-03-31
·
CVE-2023-27096
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
OpenGoofy Hippo4j version 1.4.3
Description
The issue allows an attacker to obtain sensitive information via the
ConfigVerifyController function of the Tenant Management module.Recommendations
For OpenGoofy Hippo4j version 1.4.3, consider restricting access to the
ConfigVerifyController function until a patch is available.Exploit
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opengoofy Hippo4J