U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-39344

Change History

New CVE Received from MITRE 8/21/2024 12:15:08 PM

Action Type Old Value New Value
Added Description

								
							
							
						
An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when installed for all users, the object can be accessible and (via its fields) could disclose some keys. These disclosed components can be combined to create a valid session via the Docusign API. This will generally lead to a complete compromise of the Docusign account because the session is for an administrator service account and may have permission to re-authenticate as specific users with the same authorization flow.
Added Reference

								
							
							
						
MITRE https://deneyed.com/blog/conga/ [No types assigned]
Added Reference

								
							
							
						
MITRE https://login.salesforce.com/packaging/installPackage.apexp?p0=04t6S000000YUDxQAO [No types assigned]