A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: palo_alto

Published: 2024-07-09T09:37:24.189Z

Updated: 2024-08-02T06:48:08.473Z

Reserved: 2023-06-15T23:55:48.796Z

Link: CVE-2023-3285

cve-icon Vulnrichment

Updated: 2024-08-02T06:48:08.473Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-07-09T10:15:02.380

Modified: 2024-07-09T18:19:14.047

Link: CVE-2023-3285

cve-icon Redhat

No data.