CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
AI Score
Confidence: High
EPSS Percentile: 20.1%
alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization checks in the GET, PUT, and DELETE methods of the /categories/{categoryId} endpoint. This allows a low-privileged user to fetch, modify, or delete the category data of any user, including administrators, resulting in unauthorized access and data manipulation. Attackers can exploit this to alter or delete sensitive information without proper authorization.