PT-2023-32949 · Folio · Mod-Data-Export-Spring

Published: 2023-07-25 · Updated: 2025-11-29 · CVE-2024-23687

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
FOLIO mod-data-export-spring versions before 1.5.4
FOLIO mod-data-export-spring versions from 2.0.0 to 2.0.2
Description
The issue concerns hard-coded credentials in the mod-data-export-spring module, which allow unauthenticated users to access critical APIs. This results in unauthorized access to potentially dangerous APIs, enabling the modification of user data, of configurations including single sign-on, and the manipulation of fees/fines in a patron's account. The module creates a system user for internal operations, and because that user's credentials are hard-coded, anyone who knows them can authenticate as the system user and gain unauthorized access.
Recommendations
For FOLIO mod-data-export-spring versions before 1.5.4, upgrade to version 1.5.4 or later. For FOLIO mod-data-export-spring versions from 2.0.0 to 2.0.2, upgrade to version 2.0.2 or later.

Fix

Weakness Enumeration
Using Hardcoded Credentials

Related Identifiers
CVE-2024-23687
GHSA-9RHQ-86FM-QXQC
GHSA-VF78-3Q9F-92G3

Affected Products
Mod-Data-Export-Spring