CVE-2023-51650 HIGH

CVE-2023-51650: Unauthorized access vulnerability on three interfaces

Vendor Dromara
Product hertzbeat
Weakness CWE-862 · Missing authorization
Published December 22, 2023
Last update April 23, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue.

Key dates

02Disclosure timeline

December 22, 2023 CVE published
April 23, 2025 Record updated

Related vulnerabilities

04Related CVE