Insufficient verification of data authenticity...

High severity Unreviewed Published Sep 6, 2023 to the GitHub Advisory Database • Updated Apr 4, 2024

Package

No package listed

Affected versions

Unknown

Patched versions

Unknown

Description

Insufficient verification of data authenticity vulnerability in Delinea Secret Server v10.9.000002. An attacker with an administrator account could perform software updates without proper integrity verification mechanisms. The update process lacks digital signatures and fails to validate the integrity of the update package, allowing the attacker to inject malicious applications during the update.

References

Published by the National Vulnerability Database Sep 6, 2023
Published to the GitHub Advisory Database Sep 6, 2023
Last updated Apr 4, 2024

Severity

High

EPSS score

0.089%
(39th percentile)

Weaknesses

CVE ID

CVE-2023-4589

GHSA ID

GHSA-985m-g277-8fjr

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.
