Missing Authorization in fossbilling/fossbilling
CVE-2023-3230
7.5 HIGH
What is CVE-2023-3230?
A missing authorization vulnerability in FossBilling versions prior to 0.5.0 allows unauthorized users to access sensitive functionalities or data. The flaw stems from inadequate checks on user permissions, which malicious actors could exploit. Users of affected versions should upgrade to at least version 0.5.0 to mitigate the risks associated with unauthorized access.
Affected Version(s)
fossbilling/fossbilling < 0.5.0
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
CVSS V3.0
Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
