We found results for “”
WS-2023-0042
Good to know:
Date: February 15, 2023
A Privilege escalation vulnerability was discovered in Strongbox. By default, the encrypted secrets are stored in DynamoDB and an attacker with read-only access would not be able to write the encrypted secret to DynamoDB. So in practice the impact should be limited for most users. The issue is fixed in version 0.5.0.
Language: Java
Severity Score
Severity Score
Weakness Type (CWE)
Improper Privilege Management
CWE-269Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |