CVE-2023-37890

{"id": "CVE-2023-37890", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-11-30T16:15:09.267", "references": [{"url": "https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/kb-support/wordpress-kb-support-wordpress-help-desk-plugin-1-5-88-sensitive-data-exposure-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WPOmnia KB Support \u2013 WordPress Help Desk and Knowledge Base allows Accessing Functionality Not Properly Constrained by ACLs.\u00a0Users with a role as low as a subscriber can view other customers.This issue affects KB Support \u2013 WordPress Help Desk and Knowledge Base: from n/a through 1.5.88.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en WPOmnia KB Support \u2013 WordPress Help Desk and Knowledge Base permite Accessing Functionality Not Properly Constrained by ACLs. Los usuarios con un rol tan bajo como suscriptor pueden ver a otros clientes. Este problema afecta a KB Support \u2013 WordPress Help Desk and Knowledge Base: desde n/a hasta 1.5.88."}], "lastModified": "2025-02-11T13:14:42.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logon:kb_support:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "78F0A6E6-B8B6-4FD1-AF8C-D77595031AD8", "versionEndIncluding": "1.5.88"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}