Lucene search

INCIBECVE-2023-32669

HistoryOct 03, 2023 - 1:15 p.m.

CVE-2023-32669

2023-10-0313:15:10

CWE-639

INCIBE

web.nvd.nist.gov

cve-2023-32669

authorization bypass

buddyboss 2.2.9

vulnerability

album access

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users’ albums. This vulnerability can be exploited by changing the album identification (id).

Affected configurations

Nvd

Vulners

Node

buddybossbuddybossMatch2.2.9wordpress

VendorProductVersionCPE
buddybossbuddyboss2.2.9cpe:2.3:a:buddyboss:buddyboss:2.2.9:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
buddyboss	buddyboss	2.2.9	cpe:2.3:a:buddyboss:buddyboss:2.2.9:::::wordpress::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BuddyBoss",
    "vendor": "BuddyBoss",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.9"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Related for CVE-2023-32669