How severe is CVE-2024-31223?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-31223?

This is classified as CWE-497, which is a common weakness in software security.

CVE-2024-31223 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this variable is a URL which typically includes a private IP address, private domain name, and/or port. A vulnerability present starting in version 2.19.0 and prior to version 2.39.2rc0 allows an unauthenticated attacker to make a HTTP GET request from the Privacy Center that discloses the value of this server-side URL. This could result in disclosure of server-side configuration giving an attacker information on server-side ports, private IP addresses, and/or private domain names. The vulnerability has been patched in Fides version 2.39.2rc0. No known workarounds are available.

Related Vulnerabilities

CVE-2019-10243

MEDIUM

CVSS:5.3(Medium)

In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by...

CWE-4972019

CVE-2020-26076

MEDIUM

CVSS:5.3(Medium)

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the ...

CWE-4972020

CVE-2021-1234

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be aff...

CWE-4972021

CVE-2021-1535

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected...

CWE-4972021

CVE-2022-38710

MEDIUM

CVSS:5.3(Medium)

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 23...

CWE-4972022

CVE-2022-43852

MEDIUM

CVSS:5.3(Medium)

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.

CWE-4972022