PT-2023-23944 · Buddyboss · Buddyboss
Anxo Januario Gonzales · Published 2023-10-03 · Updated 2023-10-04 · CVE-2023-32669
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
BuddyBoss version 2.2.9
Description
The issue allows an authenticated user to access and rename other users' albums by exploiting an authorization bypass vulnerability. This can be done by changing the album identifier (id) in the rename request.
Recommendations
For BuddyBoss version 2.2.9, consider restricting access to the album renaming functionality until a patch is available. As a temporary workaround, monitor album modifications closely to detect unauthorized changes. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.
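The authorization bypass described above, modelled as an added example (this is not BuddyBoss code; the in-memory album store, user ids and function names are constructed): the first handler trusts the client-supplied album id, the second enforces ownership and records denied attempts, which is the kind of signal the monitoring workaround above depends on.

```python
from dataclasses import dataclass


@dataclass
class Album:
    id: int
    owner_id: int
    title: str


# Constructed sample data: album 10 belongs to user 1, album 11 to user 2.
ALBUMS = {10: Album(10, 1, "holiday"), 11: Album(11, 2, "private")}
AUDIT_LOG: list[dict] = []


def rename_album_vulnerable(current_user_id: int, album_id: int, new_title: str) -> dict:
    """Vulnerable pattern: the handler trusts the client-supplied album id and
    never checks that the caller owns it, so any authenticated user can rename
    any album just by changing the id."""
    album = ALBUMS[album_id]
    album.title = new_title
    return {"ok": True, "title": album.title}


def rename_album_fixed(current_user_id: int, album_id: int, new_title: str) -> dict:
    """Hardened pattern: object-level authorization plus an audit record."""
    album = ALBUMS.get(album_id)
    allowed = album is not None and album.owner_id == current_user_id
    AUDIT_LOG.append({"user": current_user_id, "album": album_id,
                      "action": "rename", "result": "allowed" if allowed else "denied"})
    if not allowed:
        # Same response for missing and foreign albums, so the endpoint does
        # not become an oracle for which ids exist.
        return {"ok": False, "error": "album not found"}
    album.title = new_title
    return {"ok": True, "title": album.title}


def denied_renames() -> list[dict]:
    """Monitoring hook: denied cross-user rename attempts worth alerting on."""
    return [e for e in AUDIT_LOG if e["action"] == "rename" and e["result"] == "denied"]
```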
Weakness Enumeration
IDOR
Related Identifiers
CVE-2023-32669
Affected Products
Buddyboss