Vulnerabilities > CVE-2023-38389 - Incorrect Authorization vulnerability in Artbees Jupiter X Core

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

artbees

CWE-863

critical

NVD

Published: 2024-06-21

Updated: 2024-06-24

Summary

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through 3.3.8.

Vulnerable Configurations

Part	Description	Count
Application	Artbees Artbees Jupiter X Core - Artbees Jupiter X Core 1.0.0 Artbees Jupiter X Core 1.6.1 Artbees Jupiter X Core 1.7.0 Artbees Jupiter X Core 1.8.0 Artbees Jupiter X Core 1.9.0 Artbees Jupiter X Core 1.10.0 Artbees Jupiter X Core 1.10.1 Artbees Jupiter X Core 1.15.0 Artbees Jupiter X Core 1.16.0 Artbees Jupiter X Core 1.16.2 Artbees Jupiter X Core 2.0.6 Artbees Jupiter X Core 2.0.9 Artbees Jupiter X Core 2.5.0 Artbees Jupiter X Core 2.5.1 Artbees Jupiter X Core 2.5.2 Artbees Jupiter X Core 2.5.3 Artbees Jupiter X Core 2.5.4 Artbees Jupiter X Core 2.5.5 Artbees Jupiter X Core 2.5.9 Artbees Jupiter X Core 2.6.4 Artbees Jupiter X Core 2.7.0 Artbees Jupiter X Core 3.0.0 Artbees Jupiter X Core 3.1.0 Artbees Jupiter X Core 3.2.0 Artbees Jupiter X Core 3.3.0 Artbees Jupiter X Core 3.3.5 Artbees Jupiter X Core 3.3.8	28

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://patchstack.com/database/vulnerability/jupiterx-core/wordpress-jupiter-x-core-plugin-3-3-0-unauthenticated-account-takeover-vulnerability?_s_id=cve