Lucene search

[email protected]NVD:CVE-2023-38991

HistoryAug 04, 2023 - 12:15 a.m.

CVE-2023-38991

2023-08-0400:15:13

CWE-732

[email protected]

web.nvd.nist.gov

vulnerability

actmodelcontroller

authenticated deletion

administrator

jeesite v1.2.6

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

22.5%

JSON

An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.

Affected configurations

Nvd

Node

jeesitejeesiteMatch1.2.6

VendorProductVersionCPE
jeesitejeesite1.2.6cpe:2.3:a:jeesite:jeesite:1.2.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jeesite	jeesite	1.2.6	cpe:2.3:a:jeesite:jeesite:1.2.6:::::::*

References

github.com/thinkgem/jeesite/issues/520

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

22.5%

JSON

Related for NVD:CVE-2023-38991

cvelist1 prion1 cve1 osv1