CVE-2024-23687

Published January 19th, 2024

View on NVD ↗

CVSS v3

9.1

CRITICAL

CVSS v2

N/A

Affected

PROJECT

Description

Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.

folio-org/mod-data-export-spring

GitHub