Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for survey_solutions by mysurvey
CVE-2021-41123 (GCVE-0-2021-41123)
Vulnerability from nvd – Published: 2021-10-04 22:30 – Updated: 2024-08-04 02:59
VLAI?
Title
Exposure of Sensitive Information to an Unauthorized Actor in WB.UI.Headquarters.dll
Summary
Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| surveysolutions | surveysolutions |
Affected:
< 21.09.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "surveysolutions",
"vendor": "surveysolutions",
"versions": [
{
"status": "affected",
"version": "\u003c 21.09.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T22:30:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9"
}
],
"source": {
"advisory": "GHSA-6c7j-7jf3-9p3j",
"discovery": "UNKNOWN"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in WB.UI.Headquarters.dll",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41123",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in WB.UI.Headquarters.dll"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "surveysolutions",
"version": {
"version_data": [
{
"version_value": "\u003c 21.09.1"
}
]
}
}
]
},
"vendor_name": "surveysolutions"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j",
"refsource": "CONFIRM",
"url": "https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j"
},
{
"name": "https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9",
"refsource": "MISC",
"url": "https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9"
}
]
},
"source": {
"advisory": "GHSA-6c7j-7jf3-9p3j",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41123",
"datePublished": "2021-10-04T22:30:11.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:59:31.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41123 (GCVE-0-2021-41123)
Vulnerability from cvelistv5 – Published: 2021-10-04 22:30 – Updated: 2024-08-04 02:59
VLAI?
Title
Exposure of Sensitive Information to an Unauthorized Actor in WB.UI.Headquarters.dll
Summary
Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| surveysolutions | surveysolutions |
Affected:
< 21.09.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "surveysolutions",
"vendor": "surveysolutions",
"versions": [
{
"status": "affected",
"version": "\u003c 21.09.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T22:30:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9"
}
],
"source": {
"advisory": "GHSA-6c7j-7jf3-9p3j",
"discovery": "UNKNOWN"
},
"title": "Exposure of Sensitive Information to an Unauthorized Actor in WB.UI.Headquarters.dll",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2021-41123",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in WB.UI.Headquarters.dll"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "surveysolutions",
"version": {
"version_data": [
{
"version_value": "\u003c 21.09.1"
}
]
}
}
]
},
"vendor_name": "surveysolutions"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j",
"refsource": "CONFIRM",
"url": "https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j"
},
{
"name": "https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9",
"refsource": "MISC",
"url": "https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9"
}
]
},
"source": {
"advisory": "GHSA-6c7j-7jf3-9p3j",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-41123",
"datePublished": "2021-10-04T22:30:11.000Z",
"dateReserved": "2021-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:59:31.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}