Lucene search

MitreCVE-2023-42334

HistorySep 20, 2023 - 8:15 p.m.

CVE-2023-42334

2023-09-2020:15:11

CWE-639

mitre

web.nvd.nist.gov

cve-2023-42334

indirect object reference

idor

fl3xx dispatch

fl3xx crew

remote attack

privilege escalation

security vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

46.9%

JSON

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.

Affected configurations

Nvd

Node

fl3xxcrewMatch2.10.37

fl3xxdispatchMatch2.10.37

VendorProductVersionCPE
fl3xxcrew2.10.37cpe:2.3:a:fl3xx:crew:2.10.37:*:*:*:*:*:*:*
fl3xxdispatch2.10.37cpe:2.3:a:fl3xx:dispatch:2.10.37:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fl3xx	crew	2.10.37	cpe:2.3:a:fl3xx:crew:2.10.37:::::::*
fl3xx	dispatch	2.10.37	cpe:2.3:a:fl3xx:dispatch:2.10.37:::::::*

References

0xhunter20.medium.com/an-idor-lead-to-viewing-other-users-files-cve-2023-42334-702de328c453

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

46.9%

JSON

Related for CVE-2023-42334