Insufficient Granularity of Access Control in fossbilling/fossbilling
CVE-2023-3227

5.7MEDIUM

Key Information:

Vendor: Fossbilling
Status: Fossbilling/fossbilling
Vendor: CVE Published:; 14 June 2023

🔔 Create Fossbilling Vulnerability Alert

What is CVE-2023-3227?

Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.

Affected Version(s)

fossbilling/fossbilling < 0.5.0

References

https://huntr.dev/bounties/97ecf4b8-7eeb-4e39-917c-266026...

https://github.com/fossbilling/fossbilling/commit/b65a75f...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2023
Vulnerability Reserved
Jun 14, 2023

CVE-2023-3227 Data

JSON