CVE-2023-6725

MEDIUM Year: 2023
CVSS v3 Score
6.6
Medium
Weakness Type
CWE-1220
View all →

Vulnerability Description

An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND were improperly made world readable. A malicious attacker with access to any container could exploit this flaw to access sensitive information.

Related Vulnerabilities

CVE-2022-1177

MEDIUM
CVSS:6.5(Medium)

Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.

CWE-12202022

CVE-2023-32259

MEDIUM
CVSS:6.5(Medium)

Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control...

CWE-12202023

CVE-2023-43040

MEDIUM
CVSS:6.5(Medium)

IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.

CWE-12202023

CVE-2023-4456

MEDIUM
CVSS:6.5(Medium)

A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as ...

CWE-12202023

CVE-2024-2035

MEDIUM
CVSS:6.5(Medium)

An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify t...

CWE-12202024

CVE-2024-39279

MEDIUM
CVSS:6.5(Medium)

Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially enable denial of service via local access.

CWE-12202024