CVE-2023-40362

EUVD-2023-44933
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA-ADPADP
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
centralsquareclick2gov_building_permit
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/ally-petitt/CVE-2023-40362
https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach
https://github.com/ally-petitt/CVE-2023-40362
https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach