CVE-2023-51650 - Vulnerability Details - OpenCVE

ReportizFlow

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Hertzbeat

Configuration 1 [-]

cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/dromara/hertzbeat/releases/tag/v1.4.1
https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2

History

Wed, 28 Aug 2024 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apache Apache hertzbeat
CPEs	cpe:2.3:a:dromara:hertzbeat::::::::	cpe:2.3:a:apache:hertzbeat::::::::
Vendors & Products	Dromara Dromara hertzbeat	Apache Apache hertzbeat

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-12-22T20:56:37.097Z

Updated: 2025-04-23T16:17:23.509Z

Reserved: 2023-12-20T22:12:04.737Z

Link: CVE-2023-51650

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-22T21:15:09.503

Modified: 2024-11-21T08:38:32.290

Link: CVE-2023-51650

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-51650", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-12-20T22:12:04.737Z", "datePublished": "2023-12-22T20:56:37.097Z", "dateUpdated": "2025-04-23T16:17:23.509Z"}, "containers": {"cna": {"title": "Unauthorized access vulnerability on three interfaces", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2"}, {"name": "https://github.com/dromara/hertzbeat/releases/tag/v1.4.1", "tags": ["x_refsource_MISC"], "url": "https://github.com/dromara/hertzbeat/releases/tag/v1.4.1"}], "affected": [{"vendor": "dromara", "product": "hertzbeat", "versions": [{"version": "< 1.4.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-12-22T20:56:37.097Z"}, "descriptions": [{"lang": "en", "value": "Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.\n"}], "source": {"advisory": "GHSA-rrc5-qpxr-5jm2", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:40:33.824Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2"}, {"name": "https://github.com/dromara/hertzbeat/releases/tag/v1.4.1", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/dromara/hertzbeat/releases/tag/v1.4.1"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-02T16:44:50.661080Z", "id": "CVE-2023-51650", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T16:17:23.509Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B4E8400-424B-4FCB-81C8-5D559B146130", "versionEndExcluding": "1.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.\n"}, {"lang": "es", "value": "Hertzbeat es un sistema de monitoreo en tiempo real de c\u00f3digo abierto. Antes de la versi\u00f3n 1.4.1, los problemas de configuraci\u00f3n de permisos de Spring Boot provocaban vulnerabilidades de acceso no autorizado a tres interfaces. Esto podr\u00eda resultar en la divulgaci\u00f3n de informaci\u00f3n confidencial del servidor. La versi\u00f3n 1.4.1 soluciona este problema."}], "id": "CVE-2023-51650", "lastModified": "2024-11-21T08:38:32.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-12-22T21:15:09.503", "references": [{"source": "[email protected]", "tags": ["Release Notes"], "url": "https://github.com/dromara/hertzbeat/releases/tag/v1.4.1"}, {"source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/dromara/hertzbeat/releases/tag/v1.4.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "[email protected]", "type": "Secondary"}]}