CVE-2024-12564

Dec. 12, 2024, 3:15 p.m.

None
No Score

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation.

Product(s) Impacted

Product Versions
Open Design Alliance CDE inWEB SDK
  • ['before 2025.3']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References

https://www.opendesign.com/security-advisories

Tags

CWE-200
CWE-732
8a9629cb-c5e7-4d2a-a894-111e8039b7ea
2024-12-12
CVE-2024-12564

Timeline

Published: Dec. 12, 2024, 8:15 a.m.
Last Modified: Dec. 12, 2024, 3:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

8a9629cb-c5e7-4d2a-a894-111e8039b7ea

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.