CVE-2023-51650

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GitHub_MCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
apachehertzbeat
𝑥
< 1.4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/dromara/hertzbeat/releases/tag/v1.4.1
https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2
https://github.com/dromara/hertzbeat/releases/tag/v1.4.1
https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2