What is CVE-2024-31223?

CVE-2024-31223 is a medium-severity vulnerability in Ethyca Fides, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 5.3/10. Published 2024-07-03.

How severe is CVE-2024-31223?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Ethyca Fides

CVE-2024-31223

Fides is an open-source privacy engineering platform, and `SERVER_SIDE_FIDES_API_URL` is a server-side configuration environment variable used by the Fides Privacy Center to communicate with the Fides webserver backend. The value of this v…

EPSS: 0.059 (90.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Ethyca Fides — versions >= 2.19.0, < 2.39.2rc0

Weakness classification (CWE)

CWE-497 — Exposure of Sensitive System Information to an Unauthorized Control Sphere

References

https://github.com/ethyca/fides/security/advisories/GHSA-53q7-4874-24qg (x_refsource_CONFIRM)
https://github.com/ethyca/fides/commit/0555080541f18a5aacff452c590ac9a1b56d7097 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-31223?: CVE-2024-31223 is a medium-severity vulnerability in Ethyca Fides, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 5.3/10. Published 2024-07-03.
How severe is CVE-2024-31223?: Medium severity. CVSS v3 base score is 5.3 out of 10.