We found results for “”
WS-2022-0256
Good to know:
Date: August 3, 2022
Due to Improper Access Control, bookwyrm is vulnerable to Insecure direct object references (IDOR). This allows an attacker to create a group on other users' accounts, and affect the logic of the application. Version 0.4.5 contains a patch for this issue.
Language: Python
Severity Score
Severity Score
Weakness Type (CWE)
Improper Access Control
CWE-284Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | LOW |