PT-2024-13678 · Unknown · Kiuwan Sast

Constantin Schwarz +1 · Published 2024-06-20 · Updated 2024-07-03 · CVE-2023-49112

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Kiuwan SAST, versions earlier than master.1808.p685.q13371 (written "<master.1808.p685.q13371" in the original affected-version notation)
Description

The API endpoint "/saas/rest/v1/info/application" returns information about the application named in its application parameter. The endpoint authenticates the caller but does not check whether that caller holds rights on the requested application, so any authenticated user can read information about any application simply by supplying its identifier. This is an insecure direct object reference (IDOR): the access decision is missing at the object level, not at the endpoint level.
Recommendations

For Kiuwan SAST versions earlier than master.1808.p685.q13371, restrict access to the "/saas/rest/v1/info/application" API endpoint until a fixed build is deployed, for example by blocking or allow-listing the path at a reverse proxy or API gateway in front of the instance. As a temporary workaround, constrain the values accepted for the application parameter so that a caller can only name applications they are entitled to read. After updating, verify the fix by requesting the endpoint as a low-privileged account for an application that account has no rights on; the request must be denied rather than return application information.
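The access-control gap described above, and the object-level check that closes it, as an added example. This is not Kiuwan's code and does not reproduce the real endpoint; the application records, tenants, user names and grant model are all constructed here to illustrate the IDOR pattern and its fix.

```python
"""Added example (not Kiuwan's code): an "info/application" style endpoint
shown as a vulnerable handler next to a hardened one that enforces
object-level authorization on the requested key. All data is constructed."""
from dataclasses import dataclass, field

# Constructed sample data: two tenants, each owning one application.
APPLICATIONS = {
    "payments-api": {"owner_tenant": "acme", "loc": 120000, "analyses": 14},
    "hr-portal": {"owner_tenant": "globex", "loc": 45000, "analyses": 3},
}


@dataclass
class User:
    name: str
    tenant: str
    # Applications this user has been granted read access to (constructed model).
    application_grants: set = field(default_factory=set)


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def info_application_vulnerable(user, application):
    """Authentication only: any logged-in user can read any application by name."""
    if user is None:
        raise Forbidden("authentication required")
    if application not in APPLICATIONS:
        raise NotFound(application)
    return APPLICATIONS[application]  # no check that `user` may read it


def user_may_read(user, application):
    """Object-level authorization: same tenant and an explicit grant."""
    record = APPLICATIONS[application]
    return record["owner_tenant"] == user.tenant and application in user.application_grants


def info_application_fixed(user, application):
    """Authentication plus object-level authorization on the requested key."""
    if user is None:
        raise Forbidden("authentication required")
    if application not in APPLICATIONS or not user_may_read(user, application):
        # Same answer for "does not exist" and "not yours": no existence oracle.
        raise NotFound(application)
    return APPLICATIONS[application]


def probe(handler, user, application):
    """Classify a handler call as 'allowed', 'not_found' or 'forbidden'."""
    try:
        handler(user, application)
        return "allowed"
    except NotFound:
        return "not_found"
    except Forbidden:
        return "forbidden"


def idor_exposed(handler):
    """True if a user from one tenant can read an application owned by another.

    This is the post-update verification step: an authenticated account that
    holds no rights on the target application must not get its information.
    """
    outsider = User("mallory", "globex", {"hr-portal"})
    return probe(handler, outsider, "payments-api") == "allowed"


if __name__ == "__main__":
    print("vulnerable handler exposed:", idor_exposed(info_application_vulnerable))
    print("fixed handler exposed:     ", idor_exposed(info_application_fixed))
```

The hardened handler decides per object, not per endpoint: being logged in only gets the caller past the first check, and the identifier it supplies is then matched against what that caller is actually entitled to. Returning the same "not found" answer for both a missing application and a foreign one avoids turning the endpoint into an oracle for which application identifiers exist.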

Fix

IDOR

Weakness Enumeration

Related Identifiers: CVE-2023-49112

Affected Products: Kiuwan Sast