Missing Authorization Vulnerability Affects AutomateWoo
CVE-2023-36512
6.5MEDIUM
Summary
A Missing Authorization vulnerability has been identified in Woo AutomateWoo, which allows unauthorized access to restricted functionalities. This vulnerability can lead to unauthorized actions being executed on behalf of users. Systems utilizing AutomateWoo versions from n/a through 5.7.5 are at risk. Mitigating this vulnerability requires strict authorization checks to be enforced across all user permissions and functionalities to maintain security integrity.
Affected Version(s)
AutomateWoo <= 5.7.5
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Rafie Muhammad (Patchstack)