Vulnerabilities > CVE-2023-3288 - Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.