Lucene search

[email protected]CVE-2023-32669

HistoryOct 03, 2023 - 1:15 p.m.

CVE-2023-32669

2023-10-0313:15:10

CWE-639

[email protected]

web.nvd.nist.gov

cve-2023-32669

authorization bypass

buddyboss 2.2.9

vulnerability

album access

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users’ albums. This vulnerability can be exploited by changing the album identification (id).

Affected configurations

Vulners

NVD

Node

buddybossbuddybossRange≤2.2.9

VendorProductVersionCPE
buddybossbuddyboss*cpe:2.3:a:buddyboss:buddyboss:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
buddyboss	buddyboss	*	cpe:2.3:a:buddyboss:buddyboss::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BuddyBoss",
    "vendor": "BuddyBoss",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.9"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.0%

JSON

Related for CVE-2023-32669

prion1 cvelist1 nvd1