CVE-2023-28876
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users.
Un problema de control de acceso roto en los comentarios de los archivos cargados en Filerun hasta la ActualizaciĆ³n 20220202 permite a los atacantes eliminar comentarios en los archivos cargados por otros usuarios.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-03-27 CVE Reserved
- 2023-12-06 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://filerun.com/changelog | Release Notes |
| URL | Date | SRC |
|---|---|---|
| https://herolab.usd.de/security-advisories/usd-2022-0010 | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Afian Search vendor "Afian" | Filerun Search vendor "Afian" for product "Filerun" | <= 2022.02.02 Search vendor "Afian" for product "Filerun" and version " <= 2022.02.02" | - |
Affected
| ||||||