Home > Vulnerability Database > CVE-2023-51386

Mend.io Vulnerability Database

CVE-2023-51386

Good to know:

Date: December 22, 2023

Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could potentially read data from the events table by sending request payloads to the events API, collecting information on planned events, timeframes, budgets and owner email addresses. This data access may allow users to get insights into upcoming events and join events which they have not been invited to. This issue has been patched in version 1.10.0.

Language: JS

Severity Score

7.8

Related Resources (4)

Url: https://github.com/awslabs/sandbox-accounts-for-events/security/advisories/GHSA-p7w3-j66h-m7mx

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-51386

Url: https://github.com/awslabs/sandbox-accounts-for-events/commit/f30a0662f0a28734eb33c5868cccc1c319eb6e79

Url: https://www.mend.io/vulnerability-database/CVE-2023-51386

Severity Score

7.8

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version 1.1.0

Learn More

CVSS v3.1

Base Score:	7.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-51386

Good to know:

Date: December 22, 2023

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?