CVE-2023-3700 – alextselegidis/easyappointments

Package

Manager: composer
Name: alextselegidis/easyappointments
Vulnerable Version: >=0 <1.5.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00017 pctl0.02672

Details

Easy!Appointments Improper Access Control vulnerability Easy!Appointments 1.4.3 and prior has an Improper Access Control vulnerability. This issue is patched at commit b37b46019553089db4f22eb2fe998bca84b2cb64 and anticipated to be part of version 1.5.0.

Metadata

Created: 2023-07-17T09:30:23Z
Modified: 2023-07-17T14:08:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-8c6q-26w6-qwhg/GHSA-8c6q-26w6-qwhg.json
CWE IDs: ["CWE-284", "CWE-639"]
Alternative ID: GHSA-8c6q-26w6-qwhg
Finding: F039
Auto approve: 1