CVE-2024-6695 — Incorrect Authorization in Profile Builder
Severity
9.8 CRITICAL (NVD)
EPSS
1.1%
top 22.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Jul 31
Description
It's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This is due to improper logic flow in the user registration process.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Affected Packages: 1 package
Vulnerability Details
GHSA-8qjv-hp27-6g2r: It's possible for an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions (2024-07-31)