File accessibility vulnerability in Delinea Secret Server
CVE-2023-4588

6.8MEDIUM

Key Information:

Vendor: Delinea
Status: Secret Server
Vendor: CVE Published:; 6 September 2023

What is CVE-2023-4588?

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text.

Affected Version(s)

Secret Server v10.9.000002

Secret Server v11.4.000002

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 6, 2023
Vulnerability Reserved
Aug 29, 2023

Credit

Héctor de Armas Padrón (@3v4SI0N)

CVE-2023-4588 Data

JSON