CVE-2021-40375

Source
https://cve.org/CVERecord?id=CVE-2021-40375
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40375.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-40375
Published
2022-04-06T02:15:08.390Z
Modified
2026-04-10T04:48:53.558587Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Apperta Foundation OpenEyes 3.5.1 allows remote attackers to view the sensitive information of patients without having the intended level of privilege. Despite OpenEyes returning a Forbidden error message, the contents of a patient's profile are still returned in the server response. This response can be read in an intercepting proxy or by viewing the page source. Sensitive information returned in responses includes patient PII and medication records or history.

References

Affected packages

Git / github.com/appertafoundation/openeyes

Affected ranges

Type
GIT
Repo
https://github.com/appertafoundation/openeyes
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.5.1"
        }
    ]
}

Affected versions

3.*
3.2.1
Other
archive/sprint/4
beforev3rebase
sprint26
v1.*
v1.11
v1.11.1
v1.7.0
v1.8.6
v3.*
v3.1
v3.2
v3.2.1
v3.3
v3.3.1
v3.4
v3.4.1
v3.5
v3.5.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40375.json"