code-gen Incorrect Access Control Vulnerability

Vulnerability

An incorrect access control vulnerability has been identified in code-gen versions through 2.0.6. The issue arises because the project lacks proper permission controls, allowing anyone to access projects hosted publicly. This vulnerability could lead to unauthorized access to sensitive information, such as database credentials.

Impact

Exploitation of this vulnerability could result in unauthorized access to publicly available projects, potentially exposing sensitive information like database usernames and passwords.

Reproduction

The vulnerability can be reproduced by accessing a public project created with the code-gen tool, which is a code generation utility that supports MySQL, Oracle, SQL Server, and PostgreSQL. The absence of access controls allows any user to view the project, including sensitive data such as database connection details.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.