fkie_nvd - fkie_cve-2023-5321

FKIE_CVE-2023-5321

Vulnerability from fkie_nvd - Published: 2023-09-30 14:15 - Updated: 2024-11-21 08:41

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

Missing Authorization in GitHub repository hamza417/inure prior to build94.

References

URL	Tags
security@huntr.dev	https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b	Patch
security@huntr.dev	https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b	Patch
af854a3a-2127-422b-91ae-364da2661108	https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a	Exploit

Impacted products

Vendor	Product	Version
hamza417	inure	build44
hamza417	inure	build45
hamza417	inure	build46
hamza417	inure	build47
hamza417	inure	build48
hamza417	inure	build49
hamza417	inure	build51
hamza417	inure	build52
hamza417	inure	build53
hamza417	inure	build55
hamza417	inure	build56
hamza417	inure	build57
hamza417	inure	build58
hamza417	inure	build59
hamza417	inure	build60
hamza417	inure	build61
hamza417	inure	build62
hamza417	inure	build63
hamza417	inure	build64
hamza417	inure	build65
hamza417	inure	build66
hamza417	inure	build67
hamza417	inure	build68
hamza417	inure	build69
hamza417	inure	build70
hamza417	inure	build71
hamza417	inure	build72
hamza417	inure	build73
hamza417	inure	build74
hamza417	inure	build75
hamza417	inure	build76
hamza417	inure	build77
hamza417	inure	build78
hamza417	inure	build79
hamza417	inure	build80
hamza417	inure	build83
hamza417	inure	build85
hamza417	inure	build86
hamza417	inure	build87
hamza417	inure	build88
hamza417	inure	build89
hamza417	inure	build92
hamza417	inure	build93

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build44:*:*:*:*:android:*:*",
              "matchCriteriaId": "87394290-8249-483E-A8A0-2FBCF75A1051",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build45:*:*:*:*:android:*:*",
              "matchCriteriaId": "2A843F84-D761-487B-A93E-B8E76AA8E365",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build46:*:*:*:*:android:*:*",
              "matchCriteriaId": "A091386E-FEA7-4B3A-810B-466F2BABC352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build47:*:*:*:*:android:*:*",
              "matchCriteriaId": "3037260D-E131-4EDE-9189-B1FB0A5A5429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build48:*:*:*:*:android:*:*",
              "matchCriteriaId": "3C15666B-5CD6-49F9-BD6E-1F89C55E1E5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build49:*:*:*:*:android:*:*",
              "matchCriteriaId": "94983588-9C53-46DD-B7F2-E48967B55DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build51:*:*:*:*:android:*:*",
              "matchCriteriaId": "FE23796A-FD93-475A-828E-BD42F7C27851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build52:*:*:*:*:android:*:*",
              "matchCriteriaId": "5D5B20EF-6DB4-46A2-9FB9-03A5773632B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build53:*:*:*:*:android:*:*",
              "matchCriteriaId": "6B969370-88D9-4059-B91B-BF9BC1621DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build55:*:*:*:*:android:*:*",
              "matchCriteriaId": "7E9567E1-7561-4E13-91F0-DF34E30C8259",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build56:*:*:*:*:android:*:*",
              "matchCriteriaId": "EC5D4C76-982F-48CF-A82E-6CCDC8925115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build57:*:*:*:*:android:*:*",
              "matchCriteriaId": "611070EE-763F-459F-8B9D-89C55997D8F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build58:*:*:*:*:android:*:*",
              "matchCriteriaId": "6B638451-2C56-48F8-903E-D2FCFB0645D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build59:*:*:*:*:android:*:*",
              "matchCriteriaId": "97DADF5F-0278-492D-8B1E-48CA370669A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build60:*:*:*:*:android:*:*",
              "matchCriteriaId": "5D1D5563-CD34-4E56-B8B5-8587E5E9F35F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build61:*:*:*:*:android:*:*",
              "matchCriteriaId": "2E747A57-6A29-4185-9312-FBE54E867F44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build62:*:*:*:*:android:*:*",
              "matchCriteriaId": "831150BC-FAF5-4F72-B344-10988D9CABCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build63:*:*:*:*:android:*:*",
              "matchCriteriaId": "EA698C87-4CCD-4857-A85C-D09741D8D38C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build64:*:*:*:*:android:*:*",
              "matchCriteriaId": "B8C7AAE5-4EAA-475E-AB89-1F29C8FB4B64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build65:*:*:*:*:android:*:*",
              "matchCriteriaId": "9D51C065-4487-4802-9BD9-10ED0387DF0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build66:*:*:*:*:android:*:*",
              "matchCriteriaId": "C8BEFFEB-CAE5-499B-B815-1CD205F39434",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build67:*:*:*:*:android:*:*",
              "matchCriteriaId": "2CF8D831-DF7C-446E-93F8-3D5AE164A427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build68:*:*:*:*:android:*:*",
              "matchCriteriaId": "F26BFF90-A51B-4027-9143-4B61B12A1CCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build69:*:*:*:*:android:*:*",
              "matchCriteriaId": "83A39BFC-4974-4213-8E4A-DBFCFB61B4DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build70:*:*:*:*:android:*:*",
              "matchCriteriaId": "28379D90-2075-41EC-BB8F-55C71C79FE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build71:*:*:*:*:android:*:*",
              "matchCriteriaId": "4D89556A-C668-4AAF-B914-F9E73AEA7C54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build72:*:*:*:*:android:*:*",
              "matchCriteriaId": "60FB0F45-8232-4B63-9A89-E416E1C46132",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build73:*:*:*:*:android:*:*",
              "matchCriteriaId": "476FAE2E-BA3D-4431-B66C-59BEF5FAE401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build74:*:*:*:*:android:*:*",
              "matchCriteriaId": "2F2DD2A7-FA45-48F5-816E-BEEF1ED98180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build75:*:*:*:*:android:*:*",
              "matchCriteriaId": "9F91A3B6-44E8-4D4E-B39B-1A24955D52B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build76:*:*:*:*:android:*:*",
              "matchCriteriaId": "327CF0CC-7D07-4FE8-844F-DC4A67339FCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build77:*:*:*:*:android:*:*",
              "matchCriteriaId": "954BF3FA-22BF-4789-A8D3-D4CE046A0309",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build78:*:*:*:*:android:*:*",
              "matchCriteriaId": "09C5A9B4-860C-482B-95A8-D9E2384E090E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build79:*:*:*:*:android:*:*",
              "matchCriteriaId": "CFBAB653-08B9-44A1-B918-EE1E2518C09C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build80:*:*:*:*:android:*:*",
              "matchCriteriaId": "AA445E51-8A00-4298-BE11-A6C1EF5A3B69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build83:*:*:*:*:android:*:*",
              "matchCriteriaId": "499604F5-2385-4444-B47A-C88BEF3DE04F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build85:*:*:*:*:android:*:*",
              "matchCriteriaId": "E465B1F6-B513-49C6-ADB2-C7969EBB8B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build86:*:*:*:*:android:*:*",
              "matchCriteriaId": "6C6937BF-2A9A-43CC-B281-72C5C5D61B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build87:*:*:*:*:android:*:*",
              "matchCriteriaId": "E5DB21B5-7B52-433E-B18B-E24B56DFF2F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build88:*:*:*:*:android:*:*",
              "matchCriteriaId": "EC172BAC-6564-4E9F-80E1-CC8B91052944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build89:*:*:*:*:android:*:*",
              "matchCriteriaId": "FE10EAA2-6C78-461A-8080-C7C4795195CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build92:*:*:*:*:android:*:*",
              "matchCriteriaId": "0C973B0B-F663-4144-921C-D31A637A36D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hamza417:inure:build93:*:*:*:*:android:*:*",
              "matchCriteriaId": "126E9031-87AA-4776-A366-80DCE9A51978",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Missing Authorization in GitHub repository hamza417/inure prior to build94."
    },
    {
      "lang": "es",
      "value": "Falta autorizaci\u00f3n en el repositorio de GitHub hamza417/inure antes de build94."
    }
  ],
  "id": "CVE-2023-5321",
  "lastModified": "2024-11-21T08:41:31.507",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 2.5,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-30T14:15:15.843",
  "references": [
    {
      "source": "security@huntr.dev",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit"
      ],
      "url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Primary"
    }
  ]
}

CVE-2023-5321 (GCVE-0-2023-5321)

Vulnerability from cvelistv5 – Published: 2023-09-30 13:43 – Updated: 2024-09-23 15:59

Summary

Missing Authorization in GitHub repository hamza417/inure prior to build94.

Severity ?

5.1 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-862 - Missing Authorization

Assigner

@huntrdev

References

URL

Tags

	https://huntr.dev/bounties/b1becc68-e738-458f-bd9…
	https://github.com/hamza417/inure/commit/57fda918…

Impacted products

	Vendor	Product	Version
	hamza417	hamza417/inure	Affected: unspecified , < build94 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:52:08.587Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5321",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-23T15:58:24.704049Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-23T15:59:12.649Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hamza417/inure",
          "vendor": "hamza417",
          "versions": [
            {
              "lessThan": "build94",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Missing Authorization in GitHub repository hamza417/inure prior to build94."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-30T13:43:14.012Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
        },
        {
          "url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
        }
      ],
      "source": {
        "advisory": "b1becc68-e738-458f-bd99-06ee77580d3a",
        "discovery": "EXTERNAL"
      },
      "title": "Missing Authorization in hamza417/inure"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-5321",
    "datePublished": "2023-09-30T13:43:14.012Z",
    "dateReserved": "2023-09-30T13:43:01.219Z",
    "dateUpdated": "2024-09-23T15:59:12.649Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2023-5321

CVE-2023-5321 (GCVE-0-2023-5321)

Tags

Sightings

Nomenclature