Missing Authorization Vulnerability Affects Premium Starter Templates
CVE-2023-41805

6.5MEDIUM

Key Information:

Vendor: Brainstorm Force
Status: Premium Starter Templates; Starter Templates
Vendor: CVE Published:; 19 June 2024

Summary

A missing authorization vulnerability exists in Brainstorm Force's Premium Starter Templates and Starter Templates for Astra Sites versions up to 3.2.5. This flaw may allow attackers to gain unauthorized access to certain functionalities, potentially compromising the security of affected websites. Users are recommended to apply necessary updates and review their access control configurations to mitigate any risks associated with this vulnerability.

Affected Version(s)

Premium Starter Templates <= 3.2.5

Starter Templates <= 3.2.5

References

https://patchstack.com/database/vulnerability/astra-pro-s...

vdb-entry

https://patchstack.com/database/vulnerability/astra-sites...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2024
Vulnerability Reserved
Sep 1, 2023

Collectors

NVD DatabaseMitre Database

Credit

Rafie Muhammad (Patchstack)