Base Score

HIGH8.1

CVE-2023-29032

An attacker that has gained access to certain private information can use this to act as other user. Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0

VectorNETWORK

Published Bysecurity@apache.org

Published DateMay 12, 2023, 08:15

Affected Versions(1)

org.apache.openmeetings:openmeetings-parent(Maven)

Introduced3.1.3

Fixed7.1.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.openmeetings:openmeetings-parent(Maven)	3.1.3	7.1.0	N/A

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://lists.apache.org/thread/j2d6mg3rzcphfd8vvvk09d8p4o9lvnqp

Base Score

HIGH8.1

Weakness Type (CWE):CWE-287

CVSS Metrics

Base Score

8.1

Vector String

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

HIGH

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH