CVE-2023-32550

CWE-497CWE-668Exposure to Wrong Sphere3 documents3 sources
Severity
8.2HIGH
EPSS
0.2%
top 54.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Canonical Ltd. LandscapeCanonical Landscape
Timeline
PublishedJun 6

Description

Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:NExploitability: 3.9 | Impact: 4.7

Affected Packages2 packages

NVDcanonical/landscape< 19.10.5
CVEListV5canonical_ltd./landscape< 19.10.05

🔴Vulnerability Details

2
GHSA
GHSA-qx9h-hx3f-jr6w: Landscape's server-status page exposed sensitive system information2023-06-06
CVEList
Landscape's Apache server-status is accessible by default2023-06-06
CVE-2023-32550 (HIGH CVSS 8.2) | Landscape's server-status page expo | cvebase.io