CVE-2023-2541: Exposure of Sensitive System Information to an Unauthorized Control Sphere in Business HUB

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.5% (top 34.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 7

Description

The Web Frontend of KNIME Business Hub before 1.4.0 allows an unauthenticated remote attacker to access internals about the application such as versions, host names, or IP addresses. No personal information or application data was exposed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: knime/business_hub < 1.4.0
CVEListV5: knime/knime_business_hub 1.0.0 1.4.0

Vulnerability Details (2)

GHSA: GHSA-hg34-pjxc-5j77: The Web Frontend of KNIME Business Hub before 1 (2023-06-07)
CVEList: Sensitive information disclosure in KNIME Hub Web Application (2023-06-07)