An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality.
An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.
References
| Link | Resource |
|---|---|
| https://security.nozominetworks.com/NN-2023:5-01 | Vendor Advisory |
| https://security.nozominetworks.com/NN-2023:5-01 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:47
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://security.nozominetworks.com/NN-2023:5-01 - Vendor Advisory |
28 May 2024, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | (en) An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions. |
16 Aug 2023, 19:46
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:nozominetworks:cmc:*:*:*:*:*:*:*:* cpe:2.3:a:nozominetworks:guardian:*:*:*:*:*:*:*:* |
|
| References | (MISC) https://security.nozominetworks.com/NN-2023:5-01 - Vendor Advisory | |
| CWE | CWE-863 | |
| First Time |
Nozominetworks cmc
Nozominetworks guardian Nozominetworks |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
09 Aug 2023, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-08-09 09:15
Updated : 2024-11-21 07:47
NVD link : CVE-2023-24471
Mitre link : CVE-2023-24471
CVE.ORG link : CVE-2023-24471
JSON object : View
Products Affected
nozominetworks
- guardian
- cmc
CWE
CWE-863
Incorrect Authorization