CVE-2024-7267 HIGH

CVE-2024-7267: Internal infrastructure data leak in EZD RP

Vendor Naukowa I Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy
Product EZD RP
Weakness CWE-213
Published August 7, 2024
Last update March 17, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/R:A/V:D/RE:L/U:Green

What the vulnerability does

01Description

Exposure of Sensitive Information vulnerability in Naukowa i Akademicka Sieć Komputerowa - Państwowy Instytut Badawczy EZD RP allows logged-in user to retrieve information about IP infrastructure and credentials. This issue affects EZD RP all versions before 19.6

Key dates

02Disclosure timeline

August 7, 2024 CVE published
March 17, 2025 Record updated