← Back to CVEs
CVE-2023-38752
MEDIUM4.3
Description
Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings.
CVE Details
CVSS v3.1 Score4.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published8/9/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
jpcert:special_interest_group_network_for_analysis_and_liaison
References
https://jvn.jp/en/jp/JVN83334799/(vultures@jpcert.or.jp)
https://www.jpcert.or.jp/press/2023/PR20230807_notice.html(vultures@jpcert.or.jp)
https://jvn.jp/en/jp/JVN83334799/(af854a3a-2127-422b-91ae-364da2661108)
https://www.jpcert.or.jp/press/2023/PR20230807_notice.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.