CVE-2023-38055

🗓️ 09 Jul 2024 10:29:43Reported by palo_altoType

cve🔗 web.nvd.nist.gov👁 49 Views🌐 WEB

A BOLA vulnerability allows unauthorized access and data manipulatio

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-38055	9 Jul 202413:56	–	circl
CNNVD	Easy!Appointments Security Vulnerability	9 Jul 202400:00	–	cnnvd
Cvelist	CVE-2023-38055 A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0	9 Jul 202410:29	–	cvelist
EUVD	EUVD-2023-41881	3 Oct 202520:07	–	euvd
NVD	CVE-2023-38055	9 Jul 202411:15	–	nvd
Positive Technologies	PT-2024-12689 · Easyappointments +1 · Alextselegidis/Easyappointments +1	9 Jul 202400:00	–	ptsecurity
RedhatCVE	CVE-2023-38055	23 May 202504:06	–	redhatcve
Veracode	Authorization Bypass	11 Jul 202408:56	–	veracode
Vulnrichment	CVE-2023-38055 A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0	9 Jul 202410:29	–	vulnrichment

NVD

Node

easyappointments easyappointmentsRange<1.5.0

[
  {
    "collectionURL": "https://github.com/alextselegidis/easyappointments",
    "defaultStatus": "unaffected",
    "packageName": "alextselegidis/easyappointments",
    "product": "easyappointments",
    "versions": [
      {
        "lessThan": "1.5.0",
        "status": "affected",
        "version": "*",
        "versionType": "git"
      }
    ]
  }
]

Source	Link
github	www.github.com/alextselegidis/easyappointments

Parameter	Position	Path	Description	CWE
serviceId	path	/services/{serviceId}	A BOLA vulnerability allows low privileged users to fetch, modify or delete services of any user (including admin) via GET, PUT, DELETE on /services/{serviceId}.	CWE-639

21 Nov 2024 08:12Current

8.4High risk

Vulners AI Score8.4

CVSS 3.18.1 - 9.6

EPSS0.00173

SSVC

CWE-639