Unrated severityNVD Advisory· Published Oct 25, 2024· Updated Oct 29, 2024

CVE-2022-30359

Description

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, role(s), user type, license type, and personal details such as first name, last name, gender, and user preferences.

Affected products

OvalEdge/OvalEdgedescription
OvalEdge/OvalEdgellm-fuzzy
Range: <=5.2.8.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposuremitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000