CVE-2023-33558

Published: Oct 26, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.

Affected (1)

Products: Ocomon Project: Ocomon

Ocomon Project

1 product

Ocomon

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ocomon Project Ocomon	Before 4.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/ninj4c0d3r/OcoMon-Research

Source: cve@mitre.org

Third Party Advisory

https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357def478b11119270b89329fceb115f12c69fc

Source: cve@mitre.org

Patch

https://github.com/ninj4c0d3r/OcoMon-Research

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/ninj4c0d3r/OcoMon-Research/commit/6357def478b11119270b89329fceb115f12c69fc

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.