CVE-2023-38393

2024-06-1915:15:57

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-38393

reserve

publicized

security problem

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.

Affected configurations

Vulners

Node

saturday_driveninja_formsRange≤3.6.25

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "ninja-forms",
    "product": "Ninja Forms",
    "vendor": "Saturday Drive",
    "versions": [
      {
        "changes": [
          {
            "at": "3.6.26",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.6.25",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]