{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T04:49:22.921","vulnerabilities":[{"cve":{"id":"CVE-2023-37468","sourceIdentifier":"security-advisories@github.com","published":"2023-07-13T21:15:09.253","lastModified":"2024-11-21T08:11:46.300","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.\n\n"},{"lang":"es","value":"Feedbacksystem es un sistema de feedback personalizado para estudiantes que utiliza inteligencia artificial. Las contraseñas de los usuarios que utilizan el login LDAP se almacenan en texto claro en la base de datos. La contraseña de los usuarios LDAP se pasa sin cifrar en el \"LoginController.scala\" y se almacena en la base de datos cuando se inicia sesión por primera vez. Los usuarios que utilizan sólo el inicio de sesión local o el inicio de sesión cas no se ven afectados. Este problema ha sido corregido en la versión 1.19.2. "}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","baseScore":6.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-312"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:thm:feedbacksystem:*:*:*:*:*:*:*:*","versionStartIncluding":"1.5.0","versionEndExcluding":"1.9.2","matchCriteriaId":"CC3297F4-C7E7-407D-9099-5FC637CE8E14"}]}]}],"references":[{"url":"https://github.com/thm-mni-ii/feedbacksystem/commit/8d896125263e1efb1b70990987c7704426325bcf","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.9.2","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-g28r-8wg3-7349","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/thm-mni-ii/feedbacksystem/commit/8d896125263e1efb1b70990987c7704426325bcf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.9.2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes"]},{"url":"https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-g28r-8wg3-7349","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}