CVE-2023-51650: Unauthorized access vulnerability on three interfaces
First published: Fri Dec 22 2023(Updated: )
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dromara Hertzbeat | <1.4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-51650?
CVE-2023-51650 is classified as a medium severity vulnerability due to unauthorized access risks.
How do I fix CVE-2023-51650?
To fix CVE-2023-51650, upgrade to Hertzbeat version 1.4.1 or later.
What does CVE-2023-51650 impact?
CVE-2023-51650 impacts Hertzbeat prior to version 1.4.1, specifically affecting the permission configuration.
What kind of information could be disclosed due to CVE-2023-51650?
CVE-2023-51650 could lead to the disclosure of sensitive server information.
Is there a workaround for CVE-2023-51650 until I can upgrade?
There are no known workarounds for CVE-2023-51650, the recommendation is to upgrade to the latest version.
- agent/references
- agent/type
- agent/event
- agent/first-publish-date
- agent/severity
- agent/author
- agent/title
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/dromara hertzbeat