Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when installed for all users, the object can be accessible and (via its fields) could disclose some keys. These disclosed components can be combined to create a valid session via the Docusign API. This will generally lead to a complete compromise of the Docusign account because the session is for an administrator service account and may have permission to re-authenticate as specific users with the same authorization flow.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Docusign API 安全漏洞
Vulnerability Description
Docusign API是Docusign公司的一个安全且可扩展的 API。 Docusign API 8.142.14版本存在安全漏洞。攻击者利用该漏洞导致 Docusign 帐户完全被破解。
CVSS Information
N/A
Vulnerability Type
N/A