exploitDog

GHSA-mmp7-w4pj-53qf

Опубликовано: 26 окт. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.

The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.

Ссылки

EPSS

Процентиль: 12%

0.00042

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-284

Связанные уязвимости

CVE-2023-45228

CVSS3: 6.5

nvd

больше 2 лет назад

The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.

EPSS

Процентиль: 12%

0.00042

Низкий

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-284