Description
Authorization bypass vulnerability in BuddyBoss version 2.2.9, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:buddyboss:buddyboss:2.2.9:*:*:*:*:wordpress:*:*
EPSS
Percentile: 14%
0.00046
Low
CVSS3: 5.4 Medium
Weaknesses
CWE-639
Related vulnerabilities
CVSS3: 5.4
github
more than 2 years ago
Authorization bypass vulnerability in BuddyBoss version 2.2.9, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).