3 matches found
CVE-2023-0944
Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...
CVE-2023-0944
CVE-2023-0944 affects Bhima 1.27.0. An authenticated user with regular permissions can perform an IDOR to update arbitrary user session data (e.g., username, email, password) due to improper permission validation for certain actions. The connected documents describe the vulnerability and impact b...
CVE-2023-0944
Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...