CVE-2023-32311

EUVD-2023-36561
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
GitHub_MCNA
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
fit2cloudcloudexplorer
𝑥
< 1.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hxjq-g9qv-pwq5
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hxjq-g9qv-pwq5
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hxjq-g9qv-pwq5