CVE-2023-7210

Name of the Vulnerable Software and Affected Versions OneNav versions up to 0.9.33

Description A critical issue affects the API component of OneNav, specifically the /index.php?c=api file. The manipulation of the X-Token argument leads to improper authentication, allowing remote attacks. This issue may impact the confidentiality, integrity, and availability of protected information.

Recommendations For OneNav versions up to 0.9.33, consider disabling the API endpoint "/index.php?c=api" or restricting access to it until a fix is available. Additionally, avoid using the X-Token argument in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.