Authorization Flaw in Cerebrate Allows User Settings Alteration by Unauthorized Users
CVE-2023-41363

4.3MEDIUM

Key Information:

Vendor: Cerebrate-project
Status: Cerebrate
Vendor: CVE Published:; 29 August 2023

🔔 Create Cerebrate-project Vulnerability Alert

What is CVE-2023-41363?

In Cerebrate version 1.14, a flaw exists within the UserSettingsController that permits authenticated users to modify the preferences and settings of other users. This oversight creates a significant security risk, enabling misuse by privileged users and potentially compromising individual user accounts. Remediation is vital to prevent unauthorized access and alterations.

References

https://github.com/cerebrate-project/cerebrate/commit/8e6...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2023
Vulnerability Reserved
Aug 29, 2023

CVE-2023-41363 Data

JSON