CVE-2023-29032

CWE-287 — Improper Authentication4 documents4 sources

Severity

8.1HIGH

EPSS

0.2%

top 58.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Openmeetings Apache Openmeetings

Timeline

PublishedMay 12

Description

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5apache_software_foundation/apache_openmeetings3.1.3 — 7.1.0

▶NVDapache/openmeetings3.1.3 — 7.1.0

▶Mavenorg.apache.openmeetings:openmeetings-parent3.1.3 — 7.1.0

🔴Vulnerability Details

CVEList

Apache OpenMeetings: allows bypass authentication↗2023-05-12

▶

GHSA

Apache OpenMeetings Improper Authentication vulnerability↗2023-05-12

▶

OSV

Apache OpenMeetings Improper Authentication vulnerability↗2023-05-12

▶