An Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to access the Prometheus metrics page. This lets attackers learn more about the target application, which may help in further investigation and exploitation.
References
Link | Providers |
---|---|
https://www.opendesign.com/security-advisories |
History
Thu, 12 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-732 | |
Metrics | ssvc | |
Thu, 12 Dec 2024 08:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation. | |
Title | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ODA CDE inWEB SDK before 2025.3 | |
Weaknesses | CWE-200 | |
References | | |
Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: ODA
Published: 2024-12-12T07:41:52.862Z
Updated: 2024-12-12T14:43:57.458Z
Reserved: 2024-12-12T07:06:22.211Z
Link: CVE-2024-12564
Vulnrichment
Updated: 2024-12-12T14:43:52.000Z
NVD
Status: Awaiting Analysis
Published: 2024-12-12T08:15:16.517
Modified: 2024-12-12T15:15:12.097
Link: CVE-2024-12564
Redhat
No data.