An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results.
References
Link | Resource |
---|---|
https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md | Exploit Third Party Advisory |
Configurations
History
16 Oct 2023, 18:25
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md - Exploit, Third Party Advisory | |
First Time |
Plixer
Plixer scrutinizer |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CPE | cpe:2.3:a:plixer:scrutinizer:*:*:*:*:*:*:*:* | |
CWE | CWE-287 |
12 Oct 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-12 23:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-41261
Mitre link : CVE-2023-41261
CVE.ORG link : CVE-2023-41261
JSON object : View
Products Affected
plixer
- scrutinizer
CWE
CWE-287
Improper Authentication