An Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit the Prometheus metrics page. This can allow attackers to learn more about the target application, which may help in further investigation and exploitation.
History

Thu, 12 Dec 2024 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-732
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Dec 2024 08:00:00 +0000

Type Values Removed Values Added
Description An Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit the Prometheus metrics page. This can allow attackers to learn more about the target application, which may help in further investigation and exploitation.
Title Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ODA CDE inWEB SDK before 2025.3
Weaknesses CWE-200
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: ODA

Published: 2024-12-12T07:41:52.862Z

Updated: 2024-12-12T14:43:57.458Z

Reserved: 2024-12-12T07:06:22.211Z

Link: CVE-2024-12564

Vulnrichment

Updated: 2024-12-12T14:43:52.000Z

NVD

Status: Awaiting Analysis

Published: 2024-12-12T08:15:16.517

Modified: 2024-12-12T15:15:12.097

Link: CVE-2024-12564

Redhat

No data.