CVE-2023-38195

EUVD-2023-42017
Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used. Exploitation can only occur from a high-privileged user account.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
Affected Products (NVD)
VendorProductVersion
datalustseq
𝑥
< 2023.2.9489
𝑥
= Vulnerable software versions
References
https://github.com/datalust/seq-tickets/issues/1886
https://github.com/datalust/seq-tickets/issues/1886