CVE-2023-31182 - OpenCVE

EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Easytor	Easytor

Configuration 1 [-]

cpe:2.3:a:easytor:easytor:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.gov.il/en/Departments/faq/cve_advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: INCD

Published: 2023-05-08T00:00:00

Updated: 2024-08-02T14:45:25.824Z

Reserved: 2023-04-24T23:25:07.107Z

Link: CVE-2023-31182

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-05-08T21:15:12.150

Modified: 2023-05-15T16:50:15.150

Link: CVE-2023-31182

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "assignerShortName": "INCD", "cveId": "CVE-2023-31182", "state": "PUBLISHED", "dateUpdated": "2024-08-02T14:45:25.824Z", "datePublished": "2023-05-08T00:00:00", "dateReserved": "2023-04-24T23:25:07.107Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EasyTor Applications", "vendor": "EasyTor Applications", "versions": [{"lessThan": "Update to latest version of the application.", "status": "affected", "version": "All versions", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tal Saadi"}], "datePublic": "2023-05-08T11:19:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\"> EasyTor Applications \u2013 Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method.</span>\n\n<br>\n\n"}], "value": "\n EasyTor Applications \u2013 Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method.\n\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2023-05-17T21:59:10.512Z", "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f", "shortName": "INCD"}, "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to latest version of the application.</span>\n\n<br>"}], "value": "\nUpdate to latest version of the application.\n\n\n"}], "source": {"advisory": "ILVN-2023-0099", "discovery": "UNKNOWN"}, "title": " EasyTor Applications \u2013 Authorization Bypass", "x_generator": {"engine": "SecretariatVulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:45:25.824Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.gov.il/en/Departments/faq/cve_advisories", "tags": ["x_transferred"]}]}]}}