Home > Vulnerability Database > WS-2023-0150

Mend.io Vulnerability Database

WS-2023-0150

Good to know:

Date: May 18, 2023

Ibexa User Settings are accessible on the front-end for anonymous user. This impacted only the anonymous users themselves, and had no impact on logged in users. As such the impact is limited, even if custom user settings have been added, but please consider if this matters for your site. The fix ensures that only logged in users can access their user settings.

Language: PHP

Severity Score

5.4

Related Resources (2)

Url: https://github.com/ibexa/user/commit/77d1a0926d93ca85aa6faeea66bee55e0e067551

Url: https://www.mend.io/vulnerability-database/WS-2023-0150

Severity Score

5.4

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v4.4.3

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0150

Good to know:

Date: May 18, 2023

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?