Lucene search

[email protected]NVD:CVE-2023-42334

HistorySep 20, 2023 - 8:15 p.m.

CVE-2023-42334

2023-09-2020:15:11

CWE-639

[email protected]

web.nvd.nist.gov

indirect object reference fl3xx dispatch crew privilege escalation

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.9%

JSON

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter.

Affected configurations

Nvd

Node

fl3xxcrewMatch2.10.37

fl3xxdispatchMatch2.10.37

VendorProductVersionCPE
fl3xxcrew2.10.37cpe:2.3:a:fl3xx:crew:2.10.37:*:*:*:*:*:*:*
fl3xxdispatch2.10.37cpe:2.3:a:fl3xx:dispatch:2.10.37:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fl3xx	crew	2.10.37	cpe:2.3:a:fl3xx:crew:2.10.37:::::::*
fl3xx	dispatch	2.10.37	cpe:2.3:a:fl3xx:dispatch:2.10.37:::::::*

References

0xhunter20.medium.com/an-idor-lead-to-viewing-other-users-files-cve-2023-42334-702de328c453

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.9%

JSON

Related for NVD:CVE-2023-42334

vulnrichment1 cve1 cvelist1 prion1