Lucene search

[email protected]NVD:CVE-2023-43194

HistoryNov 02, 2023 - 10:15 p.m.

CVE-2023-43194

2023-11-0222:15:09

CWE-862

[email protected]

web.nvd.nist.gov

submitty vulnerability

access control

forum deletion

request parameter modification

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter.

Affected configurations

Nvd

Node

rcossubmittyMatch22.06.00

VendorProductVersionCPE
rcossubmitty22.06.00cpe:2.3:a:rcos:submitty:22.06.00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
rcos	submitty	22.06.00	cpe:2.3:a:rcos:submitty:22.06.00:::::::*

References

fuchai.net/cve/CVE-2023-43194

github.com/Submitty/Submitty/pull/8032

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2023-43194

osv1 prion1 vulnrichment1 cvelist1 cve1