4 matches found
CVE-2023-0610 Improper Authorization in wallabag/wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3...
CVE-2023-0610 Improper Authorization in wallabag/wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3...
CVE-2023-0610 Improper Authorization in wallabag/wallabag
Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3...
CVE-2023-0610
wallabag/wallabag (pre-2.5.3) is affected by an improper authorization vulnerability in the annotations feature. The issue arises from missing authorization validation on PUT/DELETE requests for annotations, allowing a logged-in user to modify or delete any annotation by ID and potentially disclo...