CVE-2024-23687

9.1 CRITICAL

📋 TL;DR

Hard-coded credentials in FOLIO's mod-data-export-spring module let an attacker with no account of their own call privileged APIs: modify user data, change tenant configuration including single-sign-on settings, and manipulate fines and fees data. Every deployment running an affected build is exposed, because the credentials ship in the code rather than in configuration. CVSS base score 9.1 (Critical).

💻 Affected Systems

Products:
  • FOLIO mod-data-export-spring
Versions: 1.x releases before 1.5.4, and 2.0.0 through 2.0.2 (fixed in 1.5.4 and 2.0.3)
Operating Systems: Any OS running FOLIO
Default Config Vulnerable: ⚠️ Yes
Notes: The credentials are compiled into every affected build, so no configuration choice removes them; any reachable deployment of an affected version is vulnerable.

📦 What is this software?

FOLIO is an open-source library services platform built from independently deployed backend modules fronted by the Okapi API gateway. mod-data-export-spring is the Spring-based module that schedules and runs data export jobs for a tenant (fee/fine exports to bursar systems among them), so it works with broad permissions over user, configuration and financial records, which is why hard-coded credentials in it reach that data rather than just export files.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise including SSO takeover, user data manipulation, financial fraud, and configuration changes enabling persistent access.

🟠

Likely Case

Unauthorized data access and modification, potential financial manipulation, and configuration changes affecting system security.

🟢

If Mitigated

Limited impact if network segmentation and access controls prevent external access to vulnerable endpoints.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No (none known)
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network reach to the FOLIO installation but no account of the attacker's own. No exploit needs to be published for this to be usable: the module is open source, so the hard-coded values can be read out of the source of any affected release.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.4 or 2.0.3

Vendor Advisory: https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3

Restart Required: Yes

Instructions:

1. Identify the running version of mod-data-export-spring for each tenant (see How to Verify below).
2. Upgrade to 1.5.4 (1.x line) or 2.0.3 (2.x line): deploy the fixed module build and, in an Okapi-managed installation, enable the new module version for every tenant that had the old one.
3. Restart the module (a redeploy counts).
4. Confirm the enabled module ID now reports the fixed version, then re-test that the previously working unauthenticated access is rejected.

🔧 Temporary Workarounds

Network Access Restriction

linux

Restrict network access to the module's listening port so that only hosts that must talk to it directly (normally the Okapi gateway nodes) can reach it. Example rules, with placeholders for your port and allowed addresses:

iptables -A INPUT -p tcp --dport [module_port] -s [allowed_ips] -j ACCEPT
iptables -A INPUT -p tcp --dport [module_port] -j DROP

Caveat: Spring-based FOLIO modules that call other modules on their own behalf do so with a system-user account obtained through Okapi's login API. If the hard-coded credentials are that account's, anyone who can reach the tenant's login endpoint can use them no matter where the module port is reachable from, and this rule buys little. Check the advisory and the fix commit for what the credentials are before relying on this workaround.

API Gateway Protection

all

In FOLIO the gateway is Okapi: make sure the module is reachable only through it (not on its own port from outside the cluster) and that every interface the module exposes is guarded by Okapi permission checks. A reverse proxy in front of Okapi can additionally restrict which client networks may call the module's endpoints at all.

🧯 If You Can't Patch

  • Isolate the module from untrusted networks with strict segmentation; if the advisory's credentials belong to a platform user account, restrict where that account may log in from and alert on logins from anywhere else.
  • At the WAF or reverse proxy, allow calls to the module's export-job and configuration endpoints only from known internal clients and deny the rest.

🔍 How to Verify

Check if Vulnerable:

Find the enabled version of mod-data-export-spring for each tenant. Okapi lists enabled modules with the version embedded in the module ID (for example mod-data-export-spring-2.0.2), so ask Okapi rather than the module itself; the module's own /admin/health endpoint reports liveness, not a version.

Check Version:

curl -s -H "X-Okapi-Token: $OKAPI_TOKEN" http://[okapi_host]:9130/_/proxy/tenants/[tenant]/modules | grep -o 'mod-data-export-spring-[0-9A-Za-z.-]*'

9130 is Okapi's default port; the token is needed when Okapi's own API is secured, which it should be. Repeat for every tenant, since module versions are enabled per tenant. An ID with a version below 1.5.4, or equal to 2.0.0, 2.0.1 or 2.0.2, is affected.

Verify Fix Applied:

After patching, verify the version is 1.5.4 or higher (for 1.x) or 2.0.3 or higher (for 2.x). Test that unauthenticated API access is no longer possible.
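A scripted form of the check above, added here as an example and not part of the FOLIO project: it reads the JSON that Okapi returns from GET /_/proxy/tenants/[tenant]/modules (a list of objects whose id is module-name-version), picks out every mod-data-export-spring entry and applies the affected ranges from this page. The response embedded in it is constructed, and a pre-release build of a fix version (2.0.3-SNAPSHOT.5, say) is treated as still affected because it predates the fixed release.

```python
"""Flag affected mod-data-export-spring builds in an Okapi tenant module list.

Added example for this page, not FOLIO project code. Input is the JSON from
GET /_/proxy/tenants/{tenant}/modules: a list of {"id": "<module>-<version>"}.
"""
import json
import re
import sys
from typing import List, Optional, Tuple

MODULE = "mod-data-export-spring"
# First fixed release on each affected line (from the advisory).
FIXED = {1: (1, 5, 4), 2: (2, 0, 3)}

# Okapi module IDs look like mod-users-19.2.0 or mod-foo-2.0.3-SNAPSHOT.5.
_ID_RE = re.compile(
    r"^(?P<name>[a-z0-9-]+?)-(?P<ver>\d+\.\d+\.\d+)(?:-(?P<pre>[A-Za-z0-9.]+))?$"
)

Version = Tuple[int, int, int]


def parse_module_id(module_id: str) -> Optional[Tuple[str, Version, Optional[str]]]:
    """Split 'mod-x-1.2.3[-PRE]' into (name, (1, 2, 3), PRE or None); None if malformed."""
    m = _ID_RE.match(module_id)
    if not m:
        return None
    major, minor, patch = (int(p) for p in m.group("ver").split("."))
    return m.group("name"), (major, minor, patch), m.group("pre")


def is_vulnerable(version: Version, pre: Optional[str] = None) -> bool:
    """True if the version falls in an affected range (1.x < 1.5.4, 2.x < 2.0.3)."""
    fixed = FIXED.get(version[0])
    if fixed is None:
        return False  # no affected range published for this major line
    if version < fixed:
        return True
    # A pre-release of the fix version (e.g. 2.0.3-SNAPSHOT.5) predates the fixed
    # release, so treat it as affected rather than assume it carries the fix.
    return version == fixed and pre is not None


def find_vulnerable(okapi_modules_json: str) -> List[str]:
    """Return IDs of enabled mod-data-export-spring builds in an affected range."""
    hits: List[str] = []
    for entry in json.loads(okapi_modules_json):
        parsed = parse_module_id(entry.get("id", ""))
        if parsed is None:
            continue
        name, version, pre = parsed
        if name == MODULE and is_vulnerable(version, pre):
            hits.append(entry["id"])
    return hits


# Constructed sample shaped like Okapi's response; not from a real tenant.
SAMPLE_RESPONSE = json.dumps([
    {"id": "mod-users-19.2.0"},
    {"id": "mod-data-export-spring-2.0.2"},
    {"id": "mod-configuration-5.9.2"},
])

if __name__ == "__main__":
    # Usage: curl -s -H "X-Okapi-Token: $TOKEN" \
    #   http://okapi:9130/_/proxy/tenants/diku/modules | python3 check_mdes.py
    # Without piped input the constructed sample is checked instead.
    data = SAMPLE_RESPONSE if sys.stdin.isatty() else sys.stdin.read()
    hits = find_vulnerable(data)
    for module_id in hits:
        print(f"AFFECTED: {module_id}")
    sys.exit(1 if hits else 0)
```

Run it once per tenant; a non-zero exit means at least one affected build is still enabled for that tenant.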

📡 Detection & Monitoring

Log Indicators:

  • Logins to the tenant's /authn/login endpoint as the module's system-user account from any host other than the module's own
  • Requests to the module's export-job and configuration endpoints carrying no X-Okapi-Token, or carrying a token issued to the system-user account but originating outside the module hosts
  • Configuration changes (single-sign-on settings above all), user record edits or fee/fine changes that no staff session accounts for, and export jobs created outside the normal schedule

Network Indicators:

  • Traffic to the module's port from anything other than the Okapi nodes
  • Calls to the module's API paths from source addresses that never appear in normal staff or integration traffic

SIEM Query:

A Splunk-style template. Field names depend on your log pipeline and must be mapped to your own; /data-export-spring/ is the module's API path prefix, to be confirmed against its ModuleDescriptor:

index=folio (uri_path="/authn/login*" user="[system_user]" NOT src_ip IN ([module_hosts])) OR (uri_path="/data-export-spring/*" NOT okapi_token=*)
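The log indicators above as a small detector, added here as an example and not FOLIO project code. It assumes one JSON object per line with hypothetical fields ts, client_ip, method, path, username (login requests only) and has_token (whether an X-Okapi-Token header was present); the system-user name, the module host address and the module path prefix are likewise placeholders to replace with your own. The log lines embedded in it are constructed.

```python
"""Two detections for this advisory over structured access logs.

Added example for this page, not FOLIO project code. Every field and name below
is an assumption: map your Okapi/proxy log schema onto it before use.
"""
import json
from typing import Iterable, List, Set

# Hosts from which the module itself legitimately logs in (hypothetical address).
MODULE_HOSTS: Set[str] = {"10.0.5.21"}
# Name of the module's system-user account (placeholder; use the one from the fix).
SYSTEM_USER = "data-export-system-user"
LOGIN_PATHS = {"/authn/login", "/authn/login-with-expiry"}
# The module's API path prefix (assumed; confirm against its ModuleDescriptor).
MODULE_PREFIX = "/data-export-spring/"


def detect(lines: Iterable[str], module_hosts: Set[str] = MODULE_HOSTS) -> List[str]:
    """Return one alert string per suspicious record, in log order."""
    alerts: List[str] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            alerts.append(f"unparseable log line: {raw[:80]}")
            continue
        path = rec.get("path", "")
        ip = rec.get("client_ip", "?")
        ts = rec.get("ts", "?")
        # Rule 1: the module's own account logging in from anywhere but the module hosts.
        # The module never needs to log in from elsewhere, so this is a strong signal.
        if path in LOGIN_PATHS and rec.get("username") == SYSTEM_USER and ip not in module_hosts:
            alerts.append(f"{ts} system-user login from unexpected host {ip}")
        # Rule 2: a call to the module's API with no Okapi token at all. Okapi should
        # reject it, but a hit shows someone probing the module's endpoints directly.
        if path.startswith(MODULE_PREFIX) and not rec.get("has_token", False):
            alerts.append(f"{ts} unauthenticated {rec.get('method', '?')} {path} from {ip}")
    return alerts


# Constructed sample: first line is the module's normal login; the next two are an
# outsider logging in as the system user, then calling the config API with no token.
SAMPLE_LOG = """\
{"ts":"2024-01-20T10:00:01Z","client_ip":"10.0.5.21","method":"POST","path":"/authn/login","username":"data-export-system-user","has_token":false}
{"ts":"2024-01-20T10:00:05Z","client_ip":"203.0.113.7","method":"POST","path":"/authn/login","username":"data-export-system-user","has_token":false}
{"ts":"2024-01-20T10:00:09Z","client_ip":"203.0.113.7","method":"GET","path":"/data-export-spring/configs","has_token":false}
{"ts":"2024-01-20T10:00:12Z","client_ip":"10.0.5.30","method":"GET","path":"/data-export-spring/jobs","has_token":true}
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Rule 1 is the one that matters most for this advisory: a module's system user has exactly one legitimate origin, so a login for it from anywhere else is worth paging on even before the patch is in.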

🔗 References

  • GitHub Security Advisory GHSA-vf78-3q9f-92g3: https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3
  • NVD entry for CVE-2024-23687: https://nvd.nist.gov/vuln/detail/CVE-2024-23687