Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.
References
| Link | Resource |
|---|---|
| https://github.com/dromara/hertzbeat/releases/tag/v1.4.1 | Release Notes |
| https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2 | Exploit Vendor Advisory |
| https://github.com/dromara/hertzbeat/releases/tag/v1.4.1 | Release Notes |
| https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2 | Exploit Vendor Advisory |
Configurations
History
21 Nov 2024, 08:38
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/dromara/hertzbeat/releases/tag/v1.4.1 - Release Notes | |
| References | () https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2 - Exploit, Vendor Advisory |
28 Aug 2024, 15:44
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Apache
Apache hertzbeat |
|
| CPE | cpe:2.3:a:apache:hertzbeat:*:*:*:*:*:*:*:* |
03 Jan 2024, 19:53
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Dromara hertzbeat
Dromara |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
| CPE | cpe:2.3:a:dromara:hertzbeat:*:*:*:*:*:*:*:* | |
| References | () https://github.com/dromara/hertzbeat/releases/tag/v1.4.1 - Release Notes | |
| References | () https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2 - Exploit, Vendor Advisory |
22 Dec 2023, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-22 21:15
Updated : 2024-11-21 08:38
NVD link : CVE-2023-51650
Mitre link : CVE-2023-51650
CVE.ORG link : CVE-2023-51650
JSON object : View
Products Affected
apache
- hertzbeat
CWE
CWE-862
Missing Authorization