CVE-2023-2202
published 2023-04-21
CVE-2023-2202: Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
Priority: P3 · 35 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.54% (41.2th percentile)
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francoisjacquet | francoisjacquet_rosariosis | >= unspecified < 10.9.3 | 10.9.3 |
| francoisjacquet | rosariosis | >= 0 < 10.9.3 | 10.9.3 |
| rosariosis | rosariosis | < 10.9.3 | 10.9.3 |
CVSS provenance
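| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 4.6 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |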
OSV
RosarioSIS improper access control vulnerability
osv·2023-04-21
CVE-2023-2202 [MEDIUM] RosarioSIS improper access control vulnerability
RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information (PII) and sensitive information even after logging out of the application by using the browser's back button.
GHSA
RosarioSIS improper access control vulnerability
ghsa·2023-04-21
CVE-2023-2202 [MEDIUM] CWE-284 RosarioSIS improper access control vulnerability
RosarioSIS prior to version 10.9.3 has a vulnerability that allows a user to return to a page containing personally identifiable information (PII) and sensitive information even after logging out of the application by using the browser's back button.
https://github.com/francoisjacquet/rosariosis/commit/6433946abfb34324616e833b1c00d0b2450753be
https://huntr.dev/bounties/efe6ef47-d17c-4773-933a-4836c32db85c