CVE-2023-51650
HIGH
Hertzbeat < 1.4.1 - Unauthenticated Sensitive Information Disclosure via Spring Boot Permission Misconfiguration
Title source: llm
Description
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.
References (2)
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/dromara/hertzbeat/security/advisories/GHSA-rrc5-qpxr-5jm2
Release Notes x_refsource_misc
https://github.com/dromara/hertzbeat/releases/tag/v1.4.1
Scores
CVSS v3: 7.5
EPSS: 0.0047
EPSS Percentile: 64.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: total
Details
CWE: CWE-862
Status: published
Products (1): apache/hertzbeat < 1.4.1
Published: Dec 22, 2023
Tracked Since: Feb 18, 2026