PT-2023-28319 · Unknown · Fl3Xx Dispatch+1

Published

2023-09-20

Updated

2023-09-22

CVE-2023-42334

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Fl3xx Dispatch version 2.10.37 fl3xx Crew version 2.10.37

Description An Indirect Object Reference (IDOR) issue allows a remote attacker to escalate privileges via the user parameter. This enables the attacker to potentially gain unauthorized access to sensitive information or perform actions that would normally be restricted.

Recommendations For Fl3xx Dispatch version 2.10.37, consider disabling the functionality that utilizes the user parameter until a patch is available. For fl3xx Crew version 2.10.37, restrict access to the component that uses the user parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-639

Related Identifiers

CVE-2023-42334

Affected Products

Fl3Xx Dispatch

Fl3Xx Crew

PT-2023-28319 · Unknown · Fl3Xx Dispatch+1

CVE-2023-42334

Weakness Enumeration

Related Identifiers

Affected Products

References · 8