ByteOS Network

NVD Vulnerability Details :

CVE-2024-39344

Deferred

Source-cve@mitre.org

Published At-21 Aug, 2024 | 16:15

Updated At-15 Apr, 2026 | 00:35

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when installed for all users, the object can be accessible and (via its fields) could disclose some keys. These disclosed components can be combined to create a valid session via the Docusign API. This will generally lead to a complete compromise of the Docusign account because the session is for an administrator service account and may have permission to re-authenticate as specific users with the same authorization flow.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Weaknesses

CWE ID	Type	Source
CWE-200	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-200

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
https://deneyed.com/blog/conga/	cve@mitre.org	N/A
https://login.salesforce.com/packaging/installPackage.apexp?p0=04t6S000000YUDxQAO	cve@mitre.org	N/A

Hyperlink: https://deneyed.com/blog/conga/

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://login.salesforce.com/packaging/installPackage.apexp?p0=04t6S000000YUDxQAO

Source: cve@mitre.org

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History