CVE-2023-37865 — Authentication Bypass by Spoofing in Country Blocker

CWE-290 — Authentication Bypass by Spoofing5 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 70.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ip2location Country Blocker Ip2location Download Ip2location Country Blocker

Timeline

PublishedJun 4

Description

Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Download IP2Location Country Blocker: from n/a through 2.29.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5ip2location/download_ip2location_country_blockern/a — 2.29.1

▶NVDip2location/country_blocker< 2.29.2

🔴Vulnerability Details

CVEList

WordPress IP2Location Country Blocker plugin <= 2.29.1 - IP Bypass Vulnerability vulnerability↗2024-06-04

▶

GHSA

GHSA-427c-xc35-8535: Authentication Bypass by Spoofing vulnerability in IP2Location Download IP2Location Country Blocker allows Accessing Functionality Not Properly Constr↗2024-06-04

▶

📋Vendor Advisories

Oracle

Oracle Oracle MySQL Risk Matrix: Monitoring: General (Apache Ivy) — CVE-2022-37865↗2023-07-15

▶

Oracle

Oracle Oracle Communications Risk Matrix: Installation (Apache Ivy) — CVE-2022-37865↗2023-04-15

▶