CVE-2023-2665
Published 2023-05-12
CVE-2023-2665: Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.
Priority: P3 (41) · Severity: high · CVSS 3.1 base score 7.5
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.61% (44.9th percentile)
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francoisjacquet | francoisjacquet_rosariosis | >= unspecified < 11.0 | 11.0 |
| francoisjacquet | rosariosis | >= 0 < 11.0 | 11.0 |
| redis | redis | >= 4.2.0 < 4.3.6 | 4.3.6 |
| redis | redis | >= 4.4.0 < 4.4.3 | 4.4.3 |
| redis | redis | >= 4.5.0 < 4.5.3 | 4.5.3 |
| rosariosis | rosariosis | < 11.0 | 11.0 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| ghsa | | 6.5 | MEDIUM | |
OSV · 2023-05-19
CVE-2023-2665 [HIGH] RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
RosarioSIS prior to 11.0 allows anyone, regardless of authentication status, to download and view file attachments under the `salaries` module. In addition, the file names contain a date in a `YYYY-MM-DD` format and a random six-digit string, making enumerating file names with automated tools relatively easy. This could allow an attacker to gain access to sensitive salary information. The patch for version 11.0 adds microseconds to filenames to make them harder to guess.
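As an added illustration, not RosarioSIS's own code, here are the two controls the advisory above describes as absent: a download handler that checks authentication and authorization before serving anything, and a stored filename drawn from a CSPRNG rather than a date plus six digits. Appending microseconds, as the 11.0 patch does, enlarges the candidate name space by at most a factor of one million, so the access check is the control that matters; the directory, session keys and the `admin` role below are assumptions for the example.

```php
<?php
// Added example, not RosarioSIS code. Directory, session keys and role name are assumptions.

// Stored outside the document root so the web server never serves these files directly.
const ATTACHMENT_DIR = '/var/lib/example-sis/salaries';

// Names the stored copy with 128 bits from a CSPRNG instead of "<date>-<six digits>"
// (or "<date>-<microseconds>"), so names cannot be enumerated. The original
// filename is kept only in the database record, never on disk.
function unguessableStoredName(string $originalName): string
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    $ext = preg_match('/^[a-z0-9]{1,8}$/', $ext) ? ".$ext" : '';
    return bin2hex(random_bytes(16)) . $ext;
}

// Serves an attachment only to an authenticated user whose role may read salary
// records. Knowing (or guessing) a stored name never grants access by itself.
function serveSalaryAttachment(string $storedName): void
{
    session_start();
    if (empty($_SESSION['user_id'])) {                 // not logged in
        http_response_code(401);
        exit;
    }
    if (($_SESSION['role'] ?? '') !== 'admin') {       // assumed role check
        http_response_code(403);
        exit;
    }
    // Accept only the exact name format we generate; rejects ../ and any other path.
    if (!preg_match('/^[0-9a-f]{32}(\.[a-z0-9]{1,8})?$/', $storedName)) {
        http_response_code(404);
        exit;
    }
    $path = ATTACHMENT_DIR . '/' . $storedName;
    if (!is_file($path)) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $storedName . '"');
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}

serveSalaryAttachment(basename($_GET['file'] ?? ''));
```

A quick check on an existing deployment is whether a direct request for a known attachment path from a logged-out browser returns the file; if it does, the directory is being served by the web server itself and the handler above is being bypassed.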
GHSA · 2023-05-19
CVE-2023-2665 [HIGH] CWE-921 RosarioSIS Stores Sensitive Data in a Mechanism without Access Control
GHSA · 2023-03-26 · CVSS 6.5
CVE-2023-28858 [MEDIUM] CWE-193 redis-py Race Condition vulnerability
redis-py before 4.5.3, as used in ChatGPT and other products, leaves a connection open after canceling an async Redis command at an inopportune time (in the case of a pipeline operation), and can send response data to the client of an unrelated request in an off-by-one manner. The fixed versions for this CVE Record are 4.3.6, 4.4.3, and 4.5.3, but [are believed to be incomplete](https://github.com/redis/redis-py/issues/2665). CVE-2023-28859 has been assigned the issues caused by the incomplete fixes.
No detection rules found.
No public exploits indexed.
References:
https://github.com/francoisjacquet/rosariosis/commit/09d5afaa6be07688ca1a7ac3b755b5438109e986
https://huntr.dev/bounties/42f38a84-8954-484d-b5ff-706ca0918194
Published: 2023-05-12