An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/psirt/FG-IR-23-408 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2024-01-10T17:51:38.440Z
Updated: 2024-08-02T21:37:54.975Z
Reserved: 2023-11-19T19:58:38.554Z
Link: CVE-2023-48783
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-10T18:15:46.807
Modified: 2024-11-21T08:32:26.210
Link: CVE-2023-48783
Redhat
No data.