Lucene search

INCIBECVELIST:CVE-2023-32669

HistoryOct 03, 2023 - 12:23 p.m.

CVE-2023-32669 Authorization Bypass on BuddyBoss

2023-10-0312:23:24

CWE-639

INCIBE

www.cve.org

authorization

bypass

buddyboss

cve-2023-32669

vulnerability

exploitation

albums

identification

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users’ albums. This vulnerability can be exploited by changing the album identification (id).

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "BuddyBoss",
    "vendor": "BuddyBoss",
    "versions": [
      {
        "status": "affected",
        "version": "2.2.9"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.1%

JSON

Related for CVELIST:CVE-2023-32669