PT-2023-28730 · Submitty · Submitty

Richcfno1 · Published 2023-11-02 · Updated 2023-11-10 · CVE-2023-43194

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Submitty versions prior to 22.06.00

Description

Due to incorrect access control, an attacker can delete any post in the forum by modifying a request parameter. The specific parameter name is not provided. Manipulating this parameter gives the attacker unauthorized access to the post deletion functionality.

Recommendations

For versions prior to 22.06.00, update to version 22.06.00 or later to resolve the issue. As a temporary workaround, consider restricting access to the forum post deletion functionality until a patch is applied. Avoid using modified request parameters in the affected API endpoint until the issue is resolved.

Exploit

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2023-43194

Affected Products

Submitty