CVE-2023-37749

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions HubSpot version 1.29441

Description An issue exists in the REST API endpoint of HubSpot that allows unauthenticated attackers to view users' data without proper authorization due to incorrect access control. The API endpoint ''/api/v1/users'' is vulnerable. The vulnerable parameter is user id.

Recommendations Apply updated access controls to the REST API endpoint to ensure proper authentication and authorization mechanisms are in place. Restrict access to the API endpoint ''/api/v1/users'' to authenticated users only.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2023-37749

Affected Products

Hubspot

CVE-2023-37749

Weakness Enumeration

Related Identifiers

Affected Products

References · 6