CVE-2023-6554
Missing authorisation in TCExam
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
When access to the "admin" folder is not protected by an external authorization mechanism, e.g. Apache Basic Auth, it is possible for any user to download protected information such as exam answers.
*Credits:
Krzysztof Zając (CERT.PL)
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-12-06 CVE Reserved
- 2024-01-11 CVE Published
- 2024-01-19 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://cert.pl/en/posts/2024/01/CVE-2023-6554 | Third Party Advisory | |
https://cert.pl/posts/2024/01/CVE-2023-6554 | Third Party Advisory | |
https://tcexam.org | Product | |