Lucene search

GitHub_MCVE-2023-32316

HistoryMay 26, 2023 - 11:15 p.m.

CVE-2023-32316

2023-05-2623:15:16

CWE-862

GitHub_M

web.nvd.nist.gov

cloudexplorer lite

v1.1.0

vulnerability

user addition

permission check

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

17.5%

JSON

CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability.

Affected configurations

Nvd

Vulners

Node

fit2cloudcloudexplorerRange<1.1.0lite

VendorProductVersionCPE
fit2cloudcloudexplorer*cpe:2.3:a:fit2cloud:cloudexplorer:*:*:*:*:lite:*:*:*

Vendor	Product	Version	CPE
fit2cloud	cloudexplorer	*	cpe:2.3:a:fit2cloud:cloudexplorer:::::lite:::*

CNA Affected

[
  {
    "vendor": "CloudExplorer-Dev",
    "product": "CloudExplorer-Lite",
    "versions": [
      {
        "version": "< 1.1.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-cp3j-437h-4vwj

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

17.5%

JSON

Related for CVE-2023-32316