CVE-2024-23560

Published: Apr 15, 2024Modified: Apr 11, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type.

Affected (5)

Products: Hcltechsw: Hcl Devops Deploy, Hcl Launch

2 products

Hcl Devops Deploy

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hcltechsw Hcl Devops Deploy	From 8.0.0.0 to 8.0.1
Hcltechsw Hcl Launch	From 7.0.0.0 to 7.0.5.21
Hcltechsw Hcl Launch	From 7.1.0.0 to 7.1.2.17
Hcltechsw Hcl Launch	From 7.2.0.0 to 7.2.3.10
Hcltechsw Hcl Launch	From 7.3.0.0 to 7.3.2.5

Related CWEs

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (2)

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111925

Source: psirt@hcl.com

Vendor Advisory

https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0111925

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.