
Cloud Vulnerability DB
A community-led vulnerabilities database
Storage of Sensitive Data in a Mechanism without Access Control was discovered in GitHub repository francoisjacquet/rosariosis prior to version 11.0. The vulnerability was disclosed on May 11, 2023, and was assigned CVE-2023-2665. The vulnerability affects the RosarioSIS software system (NVD, CVE).
The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, requires no user interaction, has unchanged scope, and can result in high confidentiality impact but no integrity or availability impact (NVD).
The vulnerability allows unauthorized access to sensitive data due to improper access control mechanisms. The high CVSS score particularly emphasizes the significant confidentiality impact, indicating that sensitive information could be exposed to unauthorized parties (NVD).
The vulnerability has been patched in RosarioSIS version 11.0. Users should upgrade to this version or later to address the security issue. The fix includes adding microseconds to filename format to make it harder to predict, as implemented in various files including FileUpload.fnc.php, Accounting/functions.php, PortalNotes.php, and Student_Billing/functions.php (GitHub Patch).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."