9 matches found
CVE-2023-2844
CVE-2023-2844 affects cloudexplorer-lite prior to v1.1.0. The issue is an authorization bypass via a user-controlled key caused by missing authorization checks in the GitHub repository cloudexplorer-dev/cloudexplorer-lite. A PoC in Huntr shows an IDOR-style bypass where a user can impersonate ano...
CVE-2023-39519
CVE-2023-39519 affects CloudExplorer Lite (open source cloud management platform). Prior to version 1.4.0, there is a vulnerability in how user information is retrieved that can lead to leakage of sensitive data. The issue has been fixed in version 1.4.0. Detailed entries across multiple sources ...
CVE-2023-2845
CVE-2023-2845 targets the GitHub repository cloudexplorer-dev/cloudexplorer-lite and affects versions prior to v1.1.0. The root cause is improper access control, which can allow unauthorized actions within the application (as noted by multiple sources). All sources consistently cite an access-con...
CVE-2023-44397
CloudExplorer Lite (prior to v1.4.1) contains a permission bypass in its gateway filter. The issue is caused by a controller handling paths that start with matching/API/, enabling bypass of access controls. The CVE-2023-44397 entry notes a fix in v1.4.1. CVSS data indicates a high impact (possibl...
CVE-2023-42147
CVE-2023-42147 affects CloudExplorer Lite 1.3.1, with the vulnerable component described as the login key. The available documents state that an attacker can obtain sensitive information via this component, indicating a confidentiality impact (high) per CVSS 3.1 metrics. The root cause is not exp...
CVE-2023-50612
The CVE-2023-50612 issue affects fit2cloud Cloud Explorer Lite 1.4.1. It stems from an Insecure Permissions flaw in the cloud accounts parameter, enabling local attackers to escalate privileges and access sensitive information. Documents from Red Hat, NVD, OSV, and PT-Security corroborate the loc...
CVE-2023-38692
CloudExplorer Lite (open source cloud management platform) contains a command injection vulnerability in the installation function of the module management component, tracked as CVE-2023-38692. The root cause is a command execution vulnerability in that function, affecting versions prior to 1.3.1...
CVE-2023-3423
CVE-2023-3423 affects CloudExplorer Lite prior to version 1.2.0. The root cause described across sources is weak/absent password validation on the backend, which can allow weak passwords or guessing attempts to compromise accounts. Public references (NVD, Red Hat, OSV, etc.) consistently cite wea...
CVE-2023-34240
CVE-2023-34240 affects CloudExplorer-Lite prior to v1.2.0, where the authentication system did not enforce strong passwords, enabling weak-password guessing/brute-force attempts and potential authentication failures. Multiple sources confirm the issue and fix in v1.2.0, with upgrade advised. The ...