CVE-2023-2104

Name of the Vulnerable Software and Affected Versions alextselegidis/easyappointments versions prior to 1.5.0

Description The issue is related to improper access control, allowing one provider to view and edit other providers' appointment details. A patch is available and is anticipated to be part of version 1.5.0.

Recommendations For versions prior to 1.5.0, update to version 1.5.0 or apply the patch available at commit 75b24735767868344193fb2cc56e17ee4b9ac4be to resolve the issue. As a temporary workaround, consider restricting access to appointment details for providers to minimize the risk of exploitation.