Description

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when installed for all users, the object can be accessible and (via its fields) could disclose some keys. These disclosed components can be combined to create a valid session via the Docusign API. This will generally lead to a complete compromise of the Docusign account because the session is for an administrator service account and may have permission to re-authenticate as specific users with the same authorization flow.

INFO

Published Date :

2024-08-21T00:00:00.000Z

Last Modified :

2024-08-26T16:11:08.480Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-39344 vulnerability.

Vendors Products
Salesforce
  • Docusign Api Package For Salesforce
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-39344.

URL Resource
https://deneyed.com/blog/conga/ cve-icon cve-icon
https://login.salesforce.com/packaging/installPackage.apexp?p0=04t6S000000YUDxQAO cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact