Description
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.
References
- Exploit, Third Party Advisory
- Product
- Exploit, Third Party Advisory
- Product
Vulnerable configurations
Configuration 1
cpe:2.3:a:imaworldhealth:bhima:1.27.0:*:*:*:*:*:*:*
EPSS
Percentile: 24%
0.00082
Low
6.5 Medium
CVSS3
Weaknesses
CWE-269
Related vulnerabilities
CVSS3: 6.5
github
almost 3 years ago
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.