CVE-2021-41123
MEDIUMSurvey Solutions < 21.09.1 - Unauthenticated Exposure of Sensitive Metrics via /metrics Endpoint
Title source: llmDescription
Survey Solutions is a survey management and data collection system. In affected versions the Headquarters application publishes /metrics endpoint available to any user. None of the survey answers are ever exposed, only the aggregate counters, including count of interviews, or count of assignments. Starting from version 21.09.1 the endpoint is turned off by default.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/surveysolutions/surveysolutions/security/advisories/GHSA-6c7j-7jf3-9p3j
Patch, Third Party Advisory x_refsource_misc
https://github.com/surveysolutions/surveysolutions/commit/99e7e8345cb98f2eda08e37976e3d3aeb49971c9
Scores
CVSS v3
5.3
EPSS
0.0085
EPSS Percentile
53.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
mysurvey/survey_solutions
< 21.09.1
Published
Oct 04, 2021
Tracked Since
Feb 18, 2026