CVE-2024-23685

Published: Jan 19, 2024

Modified: Nov 29, 2025

PUBLISHED

Description

Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.

Vendor	Product	Versions
Unknown	org.folio:mod-remote-storage	affected `0 - < 1.7.2` affected `2.0.0 - < 2.0.3`

References

https://github.com/folio-org/mod-remote-storage/security/advisories/GHSA-m8v7-469p-5x89

vendor-advisory

https://github.com/folio-org/mod-remote-storage/commit/57df495f76e9aa5be9ce7ce3a65f89b6dbcbc13b

patch

https://wiki.folio.org/x/hbMMBw

https://github.com/advisories/GHSA-m8v7-469p-5x89

third-party-advisory

https://vulncheck.com/advisories/vc-advisory-GHSA-m8v7-469p-5x89

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-23685

Description

Affected Products

References