6

CVE-2023-37468

EPSS 0.03%
Veröffentlicht 13.07.2023 21:15:09
Zuletzt bearbeitet 21.11.2024 08:11:46
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Thm ≫ Feedbacksystem Version >= 1.5.0 < 1.9.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.074

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	6	1.5	4	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://github.com/thm-mni-ii/feedbacksystem/commit/8d896125263e1efb1b70990987c7704426325bcf

Patch

https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.9.2

Release Notes

https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-g28r-8wg3-7349

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-37468

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-37468

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-37468

EUVD