CVE-2023-51650

CWE-862Missing Authorization2 documents2 sources
Severity
7.5HIGH
EPSS
0.5%
top 35.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dromara HertzbeatApache Hertzbeat
Timeline
PublishedDec 22

Description

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDapache/hertzbeat< 1.4.1
CVEListV5dromara/hertzbeat< 1.4.1

🔴Vulnerability Details

1
CVEList
Unauthorized access vulnerability on three interfaces2023-12-22
CVE-2023-51650 (HIGH CVSS 7.5) | Hertzbeat is an open source | cvebase.io