Docusign Api Package For Salesforce
Approved changes feed: RSS · Atom
cpe:2.3:a:salesforce:docusign_api_package_for_salesforce:8.142.14:*:*:*:*:*:*:*
part: a version: 8.142.14 update: *
| Vendor | Salesforce (cfdafdea-90cf-5590-ad24-239f205b7d02) |
|---|---|
| Product | Docusign Api Package For Salesforce (597c20d3-fac9-56d7-9810-d832c705260b) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-39344 |
vulnerable | 2026-06-03 14:56:20.602813 |
Details available
An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when installed for all users, the object can be accessible and (via its fields) could disclose some keys. These disclosed components can be combined to create a valid session via the Docusign API. This will generally lead to a complete compromise of the Docusign account because the session is for an administrator service account and may have permission to re-authenticate as specific users with the same authorization flow.
Published: 2024-08-21T00:00:00.000Z
Updated: 2024-08-26T16:11:08.480Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.