Lucene search

[email protected]NVD:CVE-2023-38051

HistoryJul 09, 2024 - 11:15 a.m.

CVE-2023-38051

2024-07-0911:15:11

CWE-639

[email protected]

web.nvd.nist.gov

bola

vulnerability

secretaries

unauthorized access

data manipulation

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

20.1%

JSON

A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.

Affected configurations

Nvd

Node

easyappointmentseasyappointmentsRange<1.5.0

VendorProductVersionCPE
easyappointmentseasyappointments*cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
easyappointments	easyappointments	*	cpe:2.3:a:easyappointments:easyappointments::::::::

References

github.com/alextselegidis/easyappointments

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS

0.001

Percentile

20.1%

JSON

Related for NVD:CVE-2023-38051

veracode1 vulnrichment1 osv1 cvelist1 cve1