Vulnerabilities > CVE-2023-6038 - Missing Authorization vulnerability in H2O

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
h2o
CWE-862
NVD
Published: 2023-11-16
Updated: 2023-11-24

Summary

An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.

Vulnerable Configurations

Part Description Count
Application
H2O
1

Common Weakness Enumeration (CWE)

References