CVE-2023-49112

EUVD-2023-53120
Kiuwan provides an API endpoint, /saas/rest/v1/info/application, to get information about any application, providing only its name via the "application" parameter. This endpoint lacks proper access control mechanisms, allowing other authenticated users to read information about applications, even though they have not been granted the necessary rights to do so.

This issue affects Kiuwan SAST: <master.1808.p685.q13371

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CISA-ADP | ADP | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |