exploitDog

CVE-2023-40362

Опубликовано: 12 янв. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.

Ссылки

https://github.com/ally-petitt/CVE-2023-40362
Exploit
Third Party Advisory
https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach
Press/Media Coverage
Vendor Advisory
https://github.com/ally-petitt/CVE-2023-40362
Exploit
Third Party Advisory
https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach
Press/Media Coverage
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:centralsquare:click2gov_building_permit:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.0478

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862

Связанные уязвимости

GHSA-4mhf-c48q-rghx

CVSS3: 4.3

github

около 2 лет назад

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.

EPSS

Процентиль: 89%

0.0478

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-862

CWE-862