CVE-2023-40278

{"id": "CVE-2023-40278", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-03-19T12:15:07.473", "references": [{"url": "https://github.com/BugBountyHunterCVE/CVE-2023-40278/blob/main/CVE-2023-40278_Information-Disclosure_OpenClinic-GA_5.247.01_Report.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://sourceforge.net/projects/open-clinic/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/BugBountyHunterCVE/CVE-2023-40278/blob/main/CVE-2023-40278_Information-Disclosure_OpenClinic-GA_5.247.01_Report.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://sourceforge.net/projects/open-clinic/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in OpenClinic GA 5.247.01. An Information Disclosure vulnerability has been identified in the printAppointmentPdf.jsp component of OpenClinic GA. By changing the AppointmentUid parameter, an attacker can determine whether a specific appointment exists based on the error message."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en OpenClinic GA 5.247.01. Se ha identificado una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el componente printAppointmentPdf.jsp de OpenClinic GA. Al cambiar el par\u00e1metro AppointmentUid, un atacante puede determinar si existe una cita espec\u00edfica en funci\u00f3n del mensaje de error."}], "lastModified": "2025-04-14T13:40:03.483", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openclinic_ga_project:openclinic_ga:5.247.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5395A171-DCA3-4128-A908-56AB2B1EFB95"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}