CVE-2023-32311

Published: May 26, 2023Modified: Jan 14, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.

Affected (1)

Products: Fit2cloud: Cloudexplorer

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Fit2cloud Cloudexplorer	Before 1.1.0

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (3)

https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hxjq-g9qv-pwq5

Source: security-advisories@github.com

Vendor Advisory

https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hxjq-g9qv-pwq5

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hxjq-g9qv-pwq5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Vendor Advisory

Timeline

No history available yet.