Lucene search

[email protected]NVD:CVE-2023-38048

HistoryJul 09, 2024 - 11:15 a.m.

CVE-2023-38048

2024-07-0911:15:10

CWE-639

[email protected]

web.nvd.nist.gov

bola vulnerability

unauthorized access

data manipulation

low privileged user

provider

get

put

delete

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

20.1%

JSON

A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.

Affected configurations

Nvd

Node

easyappointmentseasyappointmentsRange<1.5.0

VendorProductVersionCPE
easyappointmentseasyappointments*cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
easyappointments	easyappointments	*	cpe:2.3:a:easyappointments:easyappointments::::::::

References

github.com/alextselegidis/easyappointments

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

20.1%

JSON

Related for NVD:CVE-2023-38048

cvelist1 osv1 vulnrichment1 veracode1 cve1