CVE-2023-23584: 
Gallagher Command Centre vulnerability analysis and mitigation

An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This vulnerability (CVE-2023-23584) affects Gallagher Command Centre versions 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), and all versions of 8.50 and prior. The vulnerability was disclosed on December 18, 2023 (NVD).

The vulnerability is classified as CWE-203 (Observable Discrepancy) and CWE-204 (Observable Response Discrepancy). It has been assigned a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates the vulnerability requires network access, low attack complexity, low privileges, no user interaction, and has a low confidentiality impact with no integrity or availability impact (NVD, AttackerKB).

The vulnerability allows an authenticated user with insufficient privileges to infer the presence of items in the system that they should not be able to view, potentially leading to information disclosure (Gallagher Advisory).

Gallagher has released maintenance releases to address this vulnerability: v8.70.1787 (MR2) for version 8.70 and v8.60.2039 (MR4) for version 8.60. Users should upgrade to these patched versions. No alternative mitigations are provided (Gallagher Advisory).