exploitDog

CVE-2023-38752

Опубликовано: 09 авг. 2023

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings.

Ссылки

https://jvn.jp/en/jp/JVN83334799/
Third Party Advisory
https://www.jpcert.or.jp/press/2023/PR20230807_notice.html
Third Party Advisory
https://jvn.jp/en/jp/JVN83334799/
Third Party Advisory
https://www.jpcert.or.jp/press/2023/PR20230807_notice.html
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jpcert:special_interest_group_network_for_analysis_and_liaison:*:*:*:*:*:*:*:*

Версия от 4.4.0 (включая) до 4.7.7 (включая)

EPSS

Процентиль: 24%

0.00078

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-x2ph-h54q-c64j

CVSS3: 4.3

github

больше 2 лет назад

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings.

EPSS

Процентиль: 24%

0.00078

Низкий

4.3 Medium

CVSS3

Дефекты

NVD-CWE-Other