Improper Access Control

CVE-2023-46906

Medium

4.9/10

Summary

The package juzaweb/cms is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the "timezone" field was not correctly validated.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-284 - Improper Access Control

Listed 5th in the 'OWASP Top Ten', improper (or broken) access control attacks are a fundamental type of vulnerability. This includes a broad range of design flaws that enable users to act outside of their intended permissions. They can use these privileges to gain access to restricted files and functionality such as accessing restricted information, falsifying records, destroying data, or executing commands.

References

Advisory
POC/Exploit

Advisory Timeline

Published Jan 09, 2024

Improper Access Control

CVE-2023-46906

Summary

CWE-284 - Improper Access Control

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS