CVE-2023-38872

Name of the Vulnerable Software and Affected Versions gugoan Economizzer versions 0.9-beta1 gugoan Economizzer commit 3730880

Description An Insecure Direct Object Reference (IDOR) vulnerability allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.

Recommendations For gugoan Economizzer version 0.9-beta1, consider restricting access to cash book entry attachments until a patch is available. For gugoan Economizzer commit 3730880, avoid using the attachment Id in unauthenticated requests to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.