CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27096
https://notcve.org/view.php?id=CVE-2023-27096
27 Mar 2023 — Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. • https://github.com/opengoofy/hippo4j/issues/1060 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27094
https://notcve.org/view.php?id=CVE-2023-27094
23 Mar 2023 — An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. • https://github.com/opengoofy/hippo4j/issues/1059 •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-27095
https://notcve.org/view.php?id=CVE-2023-27095
16 Mar 2023 — Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. • https://github.com/opengoofy/hippo4j/issues/1061 • CWE-732: Incorrect Permission Assignment for Critical Resource •