{"id": "OBB:1257201", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "cataldomeeks.com Improper Access Control vulnerability OBB-1257201 ", "description": " \n\n\nFollowing coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147](<https://www.iso.org/standard/45170.html>)** standard, Open Bug Bounty has: \n\n&amp;nbsp&amp;nbsp&amp;nbsp&amp;nbsp&amp;nbsp&amp;nbspa. verified the vulnerability and confirmed its existence; \n&amp;nbsp&amp;nbsp&amp;nbsp&amp;nbsp&amp;nbsp&amp;nbspb. notified the website operator about its existence.\n\nAffected Website:| **[cataldomeeks.com](<http://cataldomeeks.com>) ** \n---|--- \nOpen Bug Bounty Program:| **Create your bounty program now**. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| **[IAC (Improper Access Control)](<https://www.owasp.org/index.php/Broken_Access_Control>)** / CWE-284 \nCVSSv3 Score:| 6.5 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N] \nDisclosure Standard:| Coordinated Disclosure based on **[ISO 29147](<https://www.iso.org/standard/45170.html>)** guidelines \nDiscovered and Reported by:| **MrRain_1996 ** \nRemediation Guide:| **[OWASP Access Control Cheat Sheet](<https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Access_Control_Cheat_Sheet.md>)** \nExport Vulnerability Data:| Bugzilla Vulnerability Data \nJIRA Vulnerability Data [ Configuration ] \nMantis Vulnerability Data \nSplunk Vulnerability Data \nXML Vulnerability Data [ XSD ] \n \nVulnerable URL:\n\n \n--- \n \nHTTP POST data:\n\n \n--- \n \n**Mirror:** [Click here to view the mirror](<http://1257201.openbounty.org/mirror/>)\n\n### Coordinated Disclosure Timeline\n\nVulnerability Reported:| 12 August, 2020 06:48 GMT \n---|--- \nVulnerability Verified:| 12 August, 2020 07:34 GMT \nWebsite Operator Notified:| 12 August, 2020 07:34 GMT \na. Using the ISO 29147 guidelines|  \n---|--- \nb. Using publicly available security contacts|  \nc. Using Open Bug Bounty notification framework|  \nd. Using security contacts provided by the researcher|  \nPublic Report Published \n[without any technical details]:| 12 August, 2020 07:34 GMT \nVulnerability Fixed:| 13 August, 2020 06:59 GMT \n---|---\n", "published": "2020-08-12T06:48:00", "modified": "2020-09-11T06:48:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/1257201/", "reporter": "MrRain_1996", "references": [], "cvelist": [], "lastseen": "2020-10-03T03:43:13", "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2020-10-03T03:43:13", "rev": 2}, "score": {"value": 0.0, "vector": "NONE", "modified": "2020-10-03T03:43:13", "rev": 2}, "vulnersScore": 0.0}, "openbugbounty": {"patchStatus": "patched", "mirror": "http://1257201.openbounty.org/mirror/"}}

{}