5.3

CVE-2022-31189

EPSS 0.23%
Veröffentlicht 01.08.2022 21:15:13
Zuletzt bearbeitet 21.11.2024 07:04:05
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception (including stack trace) is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Duraspace ≫ Dspace Version > 4.0 < 6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.458

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://github.com/DSpace/DSpace/commit/afcc6c3389729b85d5c7b0230cbf9aaf7452f31a

Patch

Third Party Advisory

https://github.com/DSpace/DSpace/security/advisories/GHSA-c2j7-66m3-r4ff

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-31189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-31189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-31189

EUVD