Lucene search

CVE-2023-38051

🗓️ 09 Jul 2024 11:11:15Reported by palo_altoType

cve🔗 web.nvd.nist.gov👁 33 Views🌐 WEB

A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows unauthorized access and data manipulatio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2023-38051 A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0	9 Jul 202410:27	–	cvelist
Veracode	Authorization Bypass	24 Jul 202405:50	–	veracode
NVD	CVE-2023-38051	9 Jul 202411:15	–	nvd
Vulnrichment	CVE-2023-38051 A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0	9 Jul 202410:27	–	vulnrichment
OSV	CVE-2023-38051	9 Jul 202411:15	–	osv

Nvd

Node

easyappointments easyappointmentsRange<1.5.0

[
  {
    "collectionURL": "https://github.com/alextselegidis/easyappointments",
    "defaultStatus": "unaffected",
    "packageName": "alextselegidis/easyappointments",
    "product": "easyappointments",
    "versions": [
      {
        "lessThan": "1.5.0",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/alextselegidis/easyappointments

Parameter	Position	Path	Description	CWE
secretaryId	path	/secretaries/{secretaryId}	Broken Object Level Authorization (BOLA) vulnerability allowing unauthorized access to secretary data.	CWE-639

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Jul 2024 11:15Current

8.5High risk

Vulners AI Score8.5

CVSS38.1 - 9.9

EPSS0.00117

SSVC

CWE-639