Incorrect Permission Assignment for Critical Resource
CVE-2023-27096
Summary
An Insecure Permissions vulnerability found in OpenGoofy Hippo4j, allows attackers to obtain sensitive information via the "ConfigVerifyController" function of the Tenant Management module.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Advisory Timeline
- Published