CVE-2023-41261

Name of the Vulnerable Software and Affected Versions Plixer Scrutinizer versions prior to 19.3.1

Description An issue was discovered in the /fcgi/scrut fcgi.fcgi endpoint. The csvExportReport endpoint action generateCSV does not require authentication, allowing an unauthenticated user to export a report and access the results.

Recommendations For versions prior to 19.3.1, update to version 19.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /fcgi/scrut fcgi.fcgi endpoint or disabling the generateCSV action in the csvExportReport endpoint to minimize the risk of exploitation.