Lucene search

[email protected]CVE-2023-28876

HistoryDec 06, 2023 - 1:15 a.m.

CVE-2023-28876

2023-12-0601:15:07

[email protected]

web.nvd.nist.gov

cve

broken access control

comments

filerun

update 20220202

attackers

delete

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.

Affected configurations

NVD

Node

afianfilerunRange≤2022.02.02

CPENameOperatorVersion
afian:filerunafian filerunle2022.02.02

CPE	Name	Operator	Version
afian:filerun	afian filerun	le	2022.02.02

References

filerun.com/changelog

herolab.usd.de/security-advisories/usd-2022-0010/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVE-2023-28876

nvd1 cvelist1 prion1