CVE-2023-40788

MEDIUM LAB

SpringBlade <=V3.6.0 - Info Disclosure

Title source: llm
STIX 2.1

Description

SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs

References (3)

Scores

CVSS v3 5.3
EPSS 0.0007
EPSS Percentile 21.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Lab Environment

COMMUNITY
Community Lab
docker pull bladex/alpine-java:openjdk17_cn_slim
docker pull nacos/nacos-server:v3.1.0
docker pull bladex/sentinel-dashboard:1.8.0

Details

CWE
CWE-668
Status published
Products (1)
bladex/springblade < 3.6.0
Published Sep 19, 2023
Tracked Since Feb 18, 2026