CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3288 – A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-3288
09 Jul 2024 — A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation. Una vulnerabilidad BOLA en POST /providers permite a un usuario con pocos privilegios crear un usuario privilegiado (proveedor) en el sistema. Esto da como resultado una escalada de privilegios. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38055 – A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38055
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /services/{serviceId} permite a un usuario con pocos privilegios recuperar, modificar o eliminar los servicios de cualquier usuario (incluido el administrador). Esto da como resultado un acceso no autorizado y una manipulación de dat... • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38054 – A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38054
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /customers/{customerId} permite a un usuario con pocos privilegios buscar, modificar o eliminar a un usuario con pocos privilegios (cliente). Esto da como resultado un acceso no autorizado y una manipulación de datos no autorizada. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38053 – A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38053
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /settings/{settingName} permite a un usuario con pocos privilegios recuperar, modificar o eliminar la configuración de cualquier usuario (incluido el administrador). Esto da como resultado un acceso no autorizado y una manipulación... • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38052 – A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38052
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /admins/{adminId} permite a un usuario con pocos privilegios buscar, modificar o eliminar a un usuario con muchos privilegios (admin). Esto da como resultado un acceso no autorizado y una manipulación de datos no autorizada. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38051 – A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38051
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /secretaries/{secretaryId} permite a un usuario con pocos privilegios buscar, modificar o eliminar a un usuario con pocos privilegios (secretaria). Esto da como resultado un acceso no autorizado y una manipulación de datos no autorizada. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38050 – A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38050
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /webhooks/{webhookId} permite a un usuario con pocos privilegios recuperar, modificar o eliminar un webhook de cualquier usuario (incluido el administrador). Esto da como resultado un acceso no autorizado y una manipulación de datos no ... • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-38049 – A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38049
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /appointments/{appointmentId} permite a un usuario con pocos privilegios buscar, modificar o eliminar una cita de cualquier usuario (incluido el administrador). Esto da como resultado un acceso no autorizado y una manipulac... • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38048 – A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38048
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /providers/{providerId} permite a un usuario con pocos privilegios buscar, modificar o eliminar un usuario privilegiado (proveedor). Esto da como resultado un acceso no autorizado y una manipulación de datos no autorizada. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38047 – A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} in EasyAppointments < 1.5.0.
https://notcve.org/view.php?id=CVE-2023-38047
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation. Una vulnerabilidad BOLA en GET, PUT, DELETE /categories/{categoryId} permite a un usuario con pocos privilegios buscar, modificar o eliminar la categoría de cualquier usuario (incluido el administrador). Esto da como resultado un acceso no autorizado y una manipulación de d... • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key •