Untriaged
Permalink
CVE-2023-32550
9.3 CRITICAL
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): LOW
- Availability impact (A): NONE
Landscape's Apache server-status is accessible by default
Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API.
References
- https://bugs.launchpad.net/landscape/+bug/1929037 issue-tracking
- https://bugs.launchpad.net/landscape/+bug/1929037 issue-tracking x_transferred
- https://bugs.launchpad.net/landscape/+bug/1929037 issue-tracking
- https://bugs.launchpad.net/landscape/+bug/1929037 issue-tracking x_transferred
Affected products
landscape
- <19.10.05
Matching in nixpkgs
pkgs.terraform-landscape
Improve Terraform's plan output to be easier to read and understand
-
nixos-unstable -
- nixpkgs-unstable 0.3.4
pkgs.ue4demos.landscape_mountains
Unreal Engine 4 Linux demos
Package maintainers
-
@manveru Michael Fellinger <m.fellinger@gmail.com>
-
@nicknovitski Nick Novitski <nixpkgs@nicknovitski.com>
-
@mbode Maximilian Bode <maxbode@gmail.com>