7 matches found
CVE-2023-2844
CVE-2023-2844 affects cloudexplorer-lite prior to v1.1.0. The issue is an authorization bypass via a user-controlled key caused by missing authorization checks in the GitHub repository cloudexplorer-dev/cloudexplorer-lite. A PoC in Huntr shows an IDOR-style bypass where a user can impersonate ano...
CVE-2023-39519
CVE-2023-39519 affects CloudExplorer Lite (open source cloud management platform). Prior to version 1.4.0, there is a vulnerability in how user information is retrieved that can lead to leakage of sensitive data. The issue has been fixed in version 1.4.0. Detailed entries across multiple sources ...
CVE-2023-2845
CVE-2023-2845 targets the GitHub repository cloudexplorer-dev/cloudexplorer-lite and affects versions prior to v1.1.0. The root cause is improper access control, which can allow unauthorized actions within the application (as noted by multiple sources). All sources consistently cite an access-con...
CVE-2023-44397
CloudExplorer Lite (prior to v1.4.1) contains a permission bypass in its gateway filter. The issue is caused by a controller handling paths that start with matching/API/, enabling bypass of access controls. The CVE-2023-44397 entry notes a fix in v1.4.1. CVSS data indicates a high impact (possibl...
CVE-2023-38692
CloudExplorer Lite (open source cloud management platform) contains a command injection vulnerability in the installation function of the module management component, tracked as CVE-2023-38692. The root cause is a command execution vulnerability in that function, affecting versions prior to 1.3.1...
CVE-2023-34240
CVE-2023-34240 affects CloudExplorer-Lite prior to v1.2.0, where the authentication system did not enforce strong passwords, enabling weak-password guessing/brute-force attempts and potential authentication failures. Multiple sources confirm the issue and fix in v1.2.0, with upgrade advised. The ...
CVE-2023-3423
CVE-2023-3423 affects CloudExplorer Lite prior to version 1.2.0. The root cause described across sources is weak/absent password validation on the backend, which can allow weak passwords or guessing attempts to compromise accounts. Public references (NVD, Red Hat, OSV, etc.) consistently cite wea...