9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 3.9 / Impact: 5.2
Source: NVD
Description
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
Affected (1)
Products: Easyappointments: Easyappointments
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.4.3 |
Related CWEs
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
The product does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected.
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References (8)
Source: security@huntr.dev
ExploitThird Party AdvisoryVDB Entry
Source: security@huntr.dev
PatchThird Party Advisory
Source: security@huntr.dev
ExploitPatchThird Party Advisory
Source: security@huntr.dev
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.