{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38752", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2023-07-25T03:35:17.588Z", "datePublished": "2023-08-09T03:29:51.888Z", "dateUpdated": "2024-10-10T18:05:51.064Z"}, "containers": {"cna": {"affected": [{"vendor": "Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)", "product": "Special Interest Group Network for Analysis and Liaison ", "versions": [{"version": "versions 4.4.0 to 4.7.7 ", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as\"non-disclosure\" in the system settings."}], "problemTypes": [{"descriptions": [{"description": "Improper authorization", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html"}, {"url": "https://jvn.jp/en/jp/JVN83334799/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-08-09T03:29:51.888Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:54:38.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN83334799/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T18:05:29.604474Z", "id": "CVE-2023-38752", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T18:05:51.064Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38752", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2023-07-25T03:35:17.588Z", "datePublished": "2023-08-09T03:29:51.888Z", "dateUpdated": "2024-10-10T18:05:51.064Z"}, "containers": {"cna": {"affected": [{"vendor": "Japan Computer Emergency Response Team Coordination Center (JPCERT/CC)", "product": "Special Interest Group Network for Analysis and Liaison ", "versions": [{"version": "versions 4.4.0 to 4.7.7 ", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as\"non-disclosure\" in the system settings."}], "problemTypes": [{"descriptions": [{"description": "Improper authorization", "lang": "en", "type": "text"}]}], "references": [{"url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html"}, {"url": "https://jvn.jp/en/jp/JVN83334799/"}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2023-08-09T03:29:51.888Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:54:38.527Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html", "tags": ["x_transferred"]}, {"url": "https://jvn.jp/en/jp/JVN83334799/", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38752", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-10T18:05:29.604474Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T18:05:43.653Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jpcert:special_interest_group_network_for_analysis_and_liaison:*:*:*:*:*:*:*:*", "matchCriteriaId": "E32EF80A-CB45-4C48-8343-9A1E6F850DC1", "versionEndIncluding": "4.7.7", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as\"non-disclosure\" in the system settings."}], "id": "CVE-2023-38752", "lastModified": "2023-08-18T16:35:47.680", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-09T04:15:10.430", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN83334799/"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://www.jpcert.or.jp/press/2023/PR20230807_notice.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}