CVE-2023-27257 - OpenCVE

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Idattend	Idweb

Configuration 1 [-]

cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*

References

Link	Resource
https://www.themissinglink.com.au/security-advisories/cve-2023-27257	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: TML

Published: 2023-10-25T10:15:17.834Z

Updated: 2023-10-26T06:36:11.557Z

Reserved: 2023-02-27T05:41:59.845Z

Link: CVE-2023-27257

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-25T18:17:26.410

Modified: 2023-10-28T03:19:47.833

Link: CVE-2023-27257

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:idattend:idweb:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BAFE4C9-F4BD-4B37-87D3-B0A399AD114B", "versionEndIncluding": "3.1.052", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Missing authentication in the GetActiveToiletPasses method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. "}, {"lang": "es", "value": "La falta de autenticaci\u00f3n en el m\u00e9todo GetActiveToiletPasses en la aplicaci\u00f3n IDWeb de IDAttend 3.1.052 y versiones anteriores permite que atacantes no autenticados recuperen la informaci\u00f3n de los estudiantes."}], "id": "CVE-2023-27257", "lastModified": "2023-10-28T03:19:47.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "vdp@themissinglink.com.au", "type": "Secondary"}]}, "published": "2023-10-25T18:17:26.410", "references": [{"source": "vdp@themissinglink.com.au", "tags": ["Third Party Advisory"], "url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27257"}], "sourceIdentifier": "vdp@themissinglink.com.au", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "vdp@themissinglink.com.au", "type": "Secondary"}]}