CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38054 – A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38054
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /customers/{customerId} permite a un usuario con pocos privilegios buscar, modificar o eliminar a un usuario con pocos privilegios (cliente). Esto da como resultado un acceso no autorizado y una manipulación de datos no autorizada. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38049 – A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38049
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /appointments/{appointmentId} permite a un usuario con pocos privilegios buscar, modificar o eliminar una cita de cualquier usuario (incluido el administrador). Esto da como resultado un acceso no autorizado y una manipulac... • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-3290 – A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-3290
09 Jul 2024 — A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation. Una vulnerabilidad BOLA en POST /customers permite a un usuario con pocos privilegios crear un usuario con pocos privilegios (cliente) en el sistema. Esto da como resultado una manipulación de datos no autorizada. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3285 – A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-3285
09 Jul 2024 — A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation. Una vulnerabilidad BOLA en POST /appointments permite a un usuario con pocos privilegios crear una cita para cualquier usuario del sistema (incluido el administrador). Esto da como resultado una manipulación de datos no autorizada. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •