In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.
Threat-Mapped Scoring
Score: 1.8
Priority: P4 - Informational (Low)
S9 – Sabotage of System/App
EPSS
Score: 0.13904
Percentile: 0.93991
CVSS Scoring
CVSS v3.1 Score: 6.5
Severity: MEDIUM
Mapped CWE(s)
CWE-306: Missing Authentication for Critical Function
All CAPEC(s)
CAPEC-12: Choosing Message Identifier
CAPEC-166: Force the System to Reset Values
CAPEC-216: Communication Channel Manipulation
CAPEC-36: Using Unpublished Interfaces or Functionality