3 matches found
CVE-2023-0967
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...
CVE-2023-0967
CVE-2023-0967 affects Bhima 1.27.0. An attacker authenticated with normal user permissions can view data that should be admin-only due to an IDOR-like permission validation flaw. All connected sources consistently describe Bhima 1.27.0 as vulnerable to improper permission checks that expose sensi...
CVE-2023-0967
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user...