Information Disclosure Vulnerability in HCL DevOps Deploy by HCL Software
CVE-2025-0256
4.3MEDIUM
Key Information:
- Vendor
- HCL Software Software
- Status
- HCL Software Devops Deploy / HCL Software Launch
- Vendor
- CVE Published:
- 24 March 2025
Summary
HCL DevOps Deploy and HCL Launch present a security concern that permits authenticated users to access sensitive information regarding other users on the platform. This vulnerability arises from a lack of proper authorization checks, which could lead to unauthorized disclosures of user data and potentially compromise user privacy. Affected users should review their access controls and upgrade to the latest versions to mitigate risks associated with this issue.
Affected Version(s)
HCL DevOps Deploy / HCL Launch 7.0 - 7.0.5.25; 7.1 - 7.1.2.21; 7.2 - 7.2.3.14; 7.3 - 7.3.2.9; 8.0 - 8.0.1.4; 8.1.0.0
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved