Improper Authorization
CVE-2023-24476
Summary
An attacker with local access to the machine could record the traffic, which could allow them to resend requests without the server authenticating that the user or session are valid.
- HIGH
- LOCAL
- NONE
- UNCHANGED
- REQUIRED
- HIGH
- LOW
- NONE
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published
