Lucene search

Veracode Vulnerability DatabaseVERACODE:45481

HistoryFeb 14, 2024 - 8:51 a.m.

Improper Authorization

2024-02-1408:51:34

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

authorization

vulnerability

redirectresponse

access control

backend events

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

derhansen/sf_event_mgt is vulnerable to Improper Authorization. The vulnerability is due to mishandling the RedirectResponse from the $this->redirect() function, resulting in broken access control checks for events in the backend module. An attacker could exploit this by manipulating the redirect response to bypass access controls and gain unauthorized access to backend events.

CPENameOperatorVersion
derhansen/sf_event_mgtle7.3.3
derhansen/sf_event_mgtle7.3.3

CPE	Name	Operator	Version
	derhansen/sf_event_mgt	le	7.3.3
	derhansen/sf_event_mgt	le	7.3.3

References

github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c

github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for VERACODE:45481