Summaryinfo

A vulnerability, which was classified as problematic, was found in HCL DevOps Deploy and Launch. Affected is an unknown function. The manipulation of the argument sensitive leads to information disclosure. This vulnerability is traded as CVE-2024-23561. It is possible to launch the attack remotely. There is no exploit available. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Detailsinfo

A vulnerability, which was classified as problematic, has been found in HCL DevOps Deploy and Launch (unknown version). This issue affects an unknown code block. The manipulation of the argument sensitive with an unknown input leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Impacted is confidentiality. The summary by CVE is:

HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.

It is possible to read the advisory at support.hcltechsw.com. The identification of this vulnerability is CVE-2024-23561 since 01/18/2024. The exploitation is known to be easy. The attack may be initiated remotely. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1592 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• HCL

Name

• DevOps Deploy
• Launch

License

• commercial

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion