CVE-2023-32669 Information

Description

Authorization bypass vulnerability in BuddyBoss 2.2.9 version the exploitation of which could allow an authenticated user to access and rename other users’ albums. This vulnerability can be exploited by changing the album identification (id).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Reference

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4