Information Disclosure Vulnerability in HCL DevOps Deploy by HCL Software
CVE-2025-0256

4.3MEDIUM

Key Information:

Vendor
HCL Software Software
Status
HCL Software Devops Deploy / HCL Software Launch
Vendor
CVE Published:
24 March 2025

Summary

HCL DevOps Deploy and HCL Launch present a security concern that permits authenticated users to access sensitive information regarding other users on the platform. This vulnerability arises from a lack of proper authorization checks, which could lead to unauthorized disclosures of user data and potentially compromise user privacy. Affected users should review their access controls and upgrade to the latest versions to mitigate risks associated with this issue.

Affected Version(s)

HCL DevOps Deploy / HCL Launch 7.0 - 7.0.5.25; 7.1 - 7.1.2.21; 7.2 - 7.2.3.14; 7.3 - 7.3.2.9; 8.0 - 8.0.1.4; 8.1.0.0

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.