CVE-2023-40362

Published: Jan 12, 2024Modified: Jun 20, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.

Affected (1)

Products: Centralsquare: Click2gov Building Permit

1 product

Click2gov Building Permit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Centralsquare Click2gov Building Permit	All versions

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://github.com/ally-petitt/CVE-2023-40362

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach

Source: cve@mitre.org

Press/Media CoverageVendor Advisory

https://github.com/ally-petitt/CVE-2023-40362

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach

Source: af854a3a-2127-422b-91ae-364da2661108

Press/Media CoverageVendor Advisory

Timeline

No history available yet.