CVE-2023-38050

🗓️ 09 Jul 2024 10:26:46Reported by palo_altoType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 49 Views🌐 WEB

BOLA vulnerability in /webhooks/{webhookId} allows unauthorized access and data manipulatio

Reporter	Title	Published	Views	Family All 7
CNNVD	Easy!Appointments Security Vulnerability	9 Jul 202400:00	–	cnnvd
Cvelist	CVE-2023-38050 A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.0	9 Jul 202410:26	–	cvelist
EUVD	EUVD-2023-41876	3 Oct 202520:07	–	euvd
NVD	CVE-2023-38050	9 Jul 202411:15	–	nvd
Positive Technologies	PT-2024-12684 · Easyappointments +1 · Alextselegidis/Easyappointments +1	9 Jul 202400:00	–	ptsecurity
Veracode	Authorization Bypass	12 Jul 202404:45	–	veracode
Vulnrichment	CVE-2023-38050 A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.0	9 Jul 202410:26	–	vulnrichment

NVD

Node

easyappointments easyappointmentsRange<1.5.0

[
  {
    "collectionURL": "https://github.com/alextselegidis/easyappointments",
    "defaultStatus": "unaffected",
    "packageName": "alextselegidis/easyappointments",
    "product": "easyappointments",
    "versions": [
      {
        "lessThan": "1.5.0",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/alextselegidis/easyappointments

Parameter	Position	Path	Description	CWE
webhookId	path	/webhooks/{webhookId}	A BOLA vulnerability allowing low privileged user to fetch, modify or delete a webhook of any user via GET, PUT, DELETE /webhooks/{webhookId}.	CWE-639

21 Nov 2024 08:12Current

8.3High risk

Vulners AI Score8.3

CVSS 3.18.1 - 9.1

EPSS0.00154

SSVC

CWE-639