Lucene search
Palo_altoCVELIST:CVE-2023-3290HistoryJul 09, 2024 - 10:23 a.m.
CVE-2023-3290 A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0
2024-07-0910:23:21
CWE-639
palo_alto
www.cve.org
2
cve-2023-3290
bola vulnerability
easyappointments
CVSS3
5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
EPSS
0
Percentile
14.7%
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.
CNA Affected
[
{
"collectionURL": "https://github.com/alextselegidis/easyappointments",
"defaultStatus": "unaffected",
"packageName": "alextselegidis/easyappointments",
"product": "easyappointments",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
]Related
cve
cve
CVE-2023-3290
2024-07-09 11:15:12
osv
osv
CVE-2023-3290
2024-07-09 11:15:12
vulnrichment
vulnrichment
nvd
nvd
CVE-2023-3290
2024-07-09 11:15:12
veracode
veracode
Authorization Bypass
2024-07-12 04:37:53
CVSS3
5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
EPSS
0
Percentile
14.7%
Related for CVELIST:CVE-2023-3290