CVE-2023-42147 : An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive info

An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component.

Published 2023-09-20 20:15:12

Updated 2023-09-22 02:10:06

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-42147

Fit2cloud » Cloudexplorer Lite » Version: 1.3.1
cpe:2.3:a:fit2cloud:cloudexplorer_lite:1.3.1:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 13 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

Assigned by: nvd@nist.gov (Primary)

https://www.cnblogs.com/xyhz/p/17667095.html

CloudExplorer信息泄露漏洞 - 幸运盒子 - 博客园
Exploit;Third Party Advisory

Jump to