Lucene search

[email protected]CVE-2023-2944

HistoryMay 27, 2023 - 10:15 p.m.

CVE-2023-2944

2023-05-2722:15:10

CWE-284

[email protected]

web.nvd.nist.gov

cve-2023-2944

github

repository

openemr

access control

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.

Affected configurations

NVD

Node

open-emropenemrRange<7.0.1

CPENameOperatorVersion
open-emr:openemropen-emr openemrlt7.0.1

CPE	Name	Operator	Version
open-emr:openemr	open-emr openemr	lt	7.0.1

CNA Affected

[
  {
    "vendor": "openemr",
    "product": "openemr/openemr",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "7.0.1",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/openemr/openemr/commit/723ac5d78080d1b8542f47673988cd63e0389d25

huntr.dev/bounties/0d67dcb1-acc0-4d5d-bb69-a09d1bc9fa1d

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.9 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for CVE-2023-2944

nvd1 prion1 osv1 cvelist1 huntr1 openvas1