CVE-2024-3706 - Vulnerability Details - OpenCVE

Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Opengnsys	Opengnsys

Configuration 1 [-]

cpe:2.3:a:opengnsys:opengnsys:1.1.1d:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys

History

Tue, 04 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Opengnsys Opengnsys opengnsys
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:opengnsys:opengnsys:1.1.1d:::::::*
Vendors & Products		Opengnsys Opengnsys opengnsys

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2024-04-12T13:51:26.610Z

Updated: 2024-08-01T20:20:00.914Z

Reserved: 2024-04-12T10:44:54.288Z

Link: CVE-2024-3706

Vulnrichment

Updated: 2024-08-01T20:20:00.914Z

NVD

Status : Analyzed

Published: 2024-04-12T14:15:09.160

Modified: 2025-11-04T18:15:46.883

Link: CVE-2024-3706

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3706", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2024-04-12T10:44:54.288Z", "datePublished": "2024-04-12T13:51:26.610Z", "dateUpdated": "2024-08-01T20:20:00.914Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "OpenGnsys", "vendor": "OpenGnsys", "versions": [{"status": "affected", "version": "1.1.1d"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Pedro Gabald\u00f3n Jul\u00e1"}, {"lang": "en", "type": "finder", "value": "Javier Medina Munuera"}, {"lang": "en", "type": "finder", "value": "Antonio Jos\u00e9 G\u00e1lvez S\u00e1nchez"}], "datePublic": "2024-04-12T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored."}], "value": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-07-05T12:47:46.383Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys"}, {"tags": ["patch"], "url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The OpenGnsys development team has released a security patch that resolves the reported vulnerabilities. These fixes will be included in the next version to be released shortly."}], "value": "The OpenGnsys development team has released a security patch that resolves the reported vulnerabilities. These fixes will be included in the next version to be released shortly."}], "source": {"discovery": "UNKNOWN"}, "title": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenGnsys", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3706", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T17:35:04.872314Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:32:55.379Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.914Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys", "tags": ["x_transferred"]}, {"tags": ["patch", "x_transferred"], "url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys", "tags": ["x_transferred"]}, {"url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x", "tags": ["patch", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:20:00.914Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3706", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-14T17:35:04.872314Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-14T17:34:53.503Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenGnsys", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Pedro Gabald\u00f3n Jul\u00e1"}, {"lang": "en", "type": "finder", "value": "Javier Medina Munuera"}, {"lang": "en", "type": "finder", "value": "Antonio Jos\u00e9 G\u00e1lvez S\u00e1nchez"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "OpenGnsys", "product": "OpenGnsys", "versions": [{"status": "affected", "version": "1.1.1d"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The OpenGnsys development team has released a security patch that resolves the reported vulnerabilities. These fixes will be included in the next version to be released shortly.", "supportingMedia": [{"type": "text/html", "value": "The OpenGnsys development team has released a security patch that resolves the reported vulnerabilities. These fixes will be included in the next version to be released shortly.", "base64": false}]}], "datePublic": "2024-04-12T10:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys"}, {"url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.", "supportingMedia": [{"type": "text/html", "value": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2024-07-05T12:47:46.383Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3706", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:20:00.914Z", "dateReserved": "2024-04-12T10:44:54.288Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2024-04-12T13:51:26.610Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opengnsys:opengnsys:1.1.1d:*:*:*:*:*:*:*", "matchCriteriaId": "01BCA877-074D-4F9B-B82F-6D23F111F9C6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored."}, {"lang": "es", "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n en OpenGnsys que afecta a la versi\u00f3n 1.1.1d (Espeto). Esta vulnerabilidad permite a un atacante ver un archivo de copia de seguridad de PHP (controlaccess.php-LAST) donde se almacenan las credenciales de la base de datos."}], "id": "CVE-2024-3706", "lastModified": "2025-11-04T18:15:46.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-12T14:15:09.160", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Vendor Advisory"], "url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x"}, {"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}