CVE-2023-28326 — Missing Authentication for Critical Function in Software Foundation Apache Openmeetings

CWE-306 — Missing Authentication for Critical Function4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

1.1%

top 22.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Openmeetings Apache Openmeetings

Timeline

PublishedMar 28

Description

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5apache_software_foundation/apache_openmeetings2.0.0 — 7.0.0

▶NVDapache/openmeetings2.0 — 7.0.0

🔴Vulnerability Details

GHSA

Apache OpenMeetings missing authentication and can allow user impersonation↗2023-03-28

▶

OSV

Apache OpenMeetings missing authentication and can allow user impersonation↗2023-03-28

▶

CVEList

Apache OpenMeetings: allows user impersonation↗2023-03-28

▶