lin-CMS 0.2.0 Insecure Permissions: Remote Info Disclosure via login: CVE-2024-41601 July 2024

Insecure Permissions vulnerability in lin-CMS v.0.2.0 and before allows a remote attacker to obtain sensitive information via the login method in the UserController.java component.

Vulnerability Analysis

CVE-2024-41601 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

Exploit Probability

EPSS

0.15%

Percentile

35.39%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

lin-CMS 0.2.0 Insecure Permissions: Remote Info Disclosure via loginCVE-2024-41601 Published on July 19, 2024

Vulnerability Analysis

Weakness Type

Insecure Inherited Permissions

Exploit Probability

lin-CMS 0.2.0 Insecure Permissions: Remote Info Disclosure via login
CVE-2024-41601 Published on July 19, 2024