exploitDog

GHSA-8459-9grp-5w5j

Опубликовано: 09 июл. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.9

Описание

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.

Ссылки

EPSS

Процентиль: 45%

0.00223

Низкий

9.9 Critical

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2023-38052

CVSS3: 9.9

nvd

больше 1 года назад

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.

EPSS

Процентиль: 45%

0.00223

Низкий

9.9 Critical

CVSS3

CVE ID

Дефекты

CWE-639