CVE-2024-12564

{"id": "CVE-2024-12564", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.9, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-12-12T08:15:16.517", "references": [{"url": "https://www.opendesign.com/security-advisories", "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-732"}]}], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en el SDK de Web de Open Design Alliance CDE antes de 2025.3. Instalar CDE Server con la configuraci\u00f3n predeterminada permite que usuarios no autorizados visiten la p\u00e1gina de m\u00e9tricas de Prometheus. Esto puede permitir que los atacantes comprendan m\u00e1s cosas sobre la aplicaci\u00f3n de destino, lo que puede ayudar en una mayor investigaci\u00f3n y explotaci\u00f3n."}], "lastModified": "2024-12-12T15:15:12.097", "sourceIdentifier": "8a9629cb-c5e7-4d2a-a894-111e8039b7ea"}