Home > Vulnerability Database > CVE-2023-27485

Mend.io Vulnerability Database

CVE-2023-27485

Date: March 7, 2023

thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying "subresults", it is possible to query "subresults" from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit "f1ae67d8bb2"and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.

Language: SCALA

Severity Score

4.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-27485

Url: https://github.com/thm-mni-ii/feedbacksystem/security/advisories/GHSA-fhq8-p3w6-mmgr

Url: https://thm-mni-ii.github.io/feedbacksystem/api-docs/#tag/Submission/operation/getCourseTaskSubmissionSubresults

Url: https://github.com/thm-mni-ii/feedbacksystem/releases/tag/v1.5.3

Url: https://github.com/thm-mni-ii/feedbacksystem/commit/f1ae67d8bb2286a8eb15949038473d41b1358493

Url: https://www.mend.io/vulnerability-database/CVE-2023-27485

Severity Score

4.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-27485

Date: March 7, 2023

Language: SCALA

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?