CVE-2023-34240

Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-px4m-5j22-5mw4	Vendor Advisory
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-px4m-5j22-5mw4	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fit2cloud:cloudexplorer_lite:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-06-27 17:15

Updated : 2024-11-21 08:06

NVD link : CVE-2023-34240

Mitre link : CVE-2023-34240

CVE.ORG link : CVE-2023-34240

JSON object : View

Products Affected

fit2cloud

cloudexplorer_lite

CWE

CWE-521

Weak Password Requirements

{"id": "CVE-2023-34240", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-06-27T17:15:09.903", "references": [{"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-px4m-5j22-5mw4", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-px4m-5j22-5mw4", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."}], "lastModified": "2024-11-21T08:06:50.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fit2cloud:cloudexplorer_lite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "257487A2-0E67-4271-9024-5BCD53F9C536", "versionEndExcluding": "1.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}