CVE-2024-12564 | THREATINT

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation.

PUBLISHED Reserved 2024-12-12 | Published 2024-12-12 | Updated 2025-09-11 | Assigner ODA

MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

CWE-276 Incorrect Default Permissions

Product status

Default status

unaffected

Any version before 2025.3

affected

Credits

dhiyaneshDK finder

philippedelteil finder

References

www.opendesign.com/security-advisories

cve.org (CVE-2024-12564)

nvd.nist.gov (CVE-2024-12564)

Download JSON