In WhatsUp Gold versions released before 2023.1, an API...
High severity
Unreviewed
Published
Dec 14, 2023
to the GitHub Advisory Database
•
Updated Dec 19, 2023
Description
Published by the National Vulnerability Database
Dec 14, 2023
Published to the GitHub Advisory Database
Dec 14, 2023
Last updated
Dec 19, 2023
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
References