Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v2

Vendors Products
Firefly-iii
  • Firefly Iii

Configuration 1 [-]

cpe:2.3:a:firefly-iii:firefly_iii:*:*:*:*:*:*:*:*
References
Link Resource
https://github.com/firefly-iii/firefly-iii/commit/db0500dcf0d4f1990fc7a377ef0d56c3884fcaa4 Patch Third Party Advisory
https://huntr.dev/bounties/9689052c-c1d7-4aae-aa08-346c9b6e04ed Exploit Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-01-14T00:00:00

Updated: 2023-03-02T00:00:00

Reserved: 2023-01-14T00:00:00

Link: CVE-2023-0298

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2023-01-14T08:15:13.110

Modified: 2023-03-02T02:15:41.390

Link: CVE-2023-0298

JSON object: View

cve-icon Redhat Information

No data.

CWE