Home > Vulnerability Database > CVE-2023-2881

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-2881

Date: May 24, 2023

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.

Language: PHP

Severity Score

4.9

Related Resources (6)

Url: https://github.com/pimcore/customer-data-framework/commit/d1d58c10313f080737dc1e71fab3beb12488a1e6

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-2881

Url: https://huntr.dev/bounties/db6c32f4-742e-4262-8fd5-cefd0f133416

Url: https://github.com/pimcore/customer-data-framework

Url: https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-j65r-g7q2-f8v3

Url: https://www.mend.io/vulnerability-database/CVE-2023-2881

Severity Score

4.9

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Storing Passwords in a Recoverable Format

CWE-257

CVSS v3.1

Base Score:	4.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Do you need more information?

Contact Us