CVE-2023-28022: 
NixOS vulnerability analysis and mitigation

HCL Connections is vulnerable to an information disclosure vulnerability (CVE-2023-28022) that could allow a user to obtain sensitive information they are not entitled to, caused by improper handling of request data. The vulnerability affects HCL Connections versions 6.0, 6.5, 7.0, and 8.0. This vulnerability was disclosed on December 15, 2023 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and no user interaction (UI:N). The scope is unchanged (S:U), with high impact on confidentiality (C:H) but no impact on integrity (I:N) or availability (A:N) (NVD).

The vulnerability primarily affects the confidentiality of information, allowing unauthorized access to sensitive data. The high confidentiality impact rating indicates that the vulnerability could lead to the disclosure of significant amounts of sensitive information (NVD).

The vulnerability affects HCL Connections versions 6.0, 6.5, 7.0, and 8.0. Users should apply the appropriate security updates when available from HCL (HCL Advisory).