Lucene search

@huntrdevCVELIST:CVE-2023-1647

HistoryMar 27, 2023 - 12:00 a.m.

CVE-2023-1647 Improper Access Control in calcom/cal.com

2023-03-2700:00:00

CWE-284

@huntrdev

www.cve.org

cve-2023-1647

access control

github

repository

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.8%

JSON

Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "calcom/cal.com",
    "vendor": "calcom",
    "versions": [
      {
        "lessThan": "2.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/sbs20/scanservjs/pull/606/commits/d51fd52c1569813990b8f74e64ae6979c665dca1

huntr.dev/bounties/d6de3d6e-9551-47d1-b28c-7e965c1b82b6

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

31.8%

JSON

Related for CVELIST:CVE-2023-1647