CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32316 – Users can add themselves to any organization in CloudExplorer Lite
https://notcve.org/view.php?id=CVE-2023-32316
CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability. • https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-cp3j-437h-4vwj • CWE-862: Missing Authorization •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32311 – The CloudExplorer Lite missing permissions check
https://notcve.org/view.php?id=CVE-2023-32311
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. • https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hxjq-g9qv-pwq5 • CWE-862: Missing Authorization •