CVE-2023-40362

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
centralsquareclick2gov_building_permit
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/ally-petitt/CVE-2023-40362
https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach
https://github.com/ally-petitt/CVE-2023-40362
https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach