Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2023-38048 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider).
network
low complexity
easyappointments CWE-639
8.1
2024-07-09 CVE-2023-38049 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin).
network
low complexity
easyappointments CWE-639
8.1
2024-07-09 CVE-2023-38050 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin).
network
low complexity
easyappointments CWE-639
8.1
2024-07-09 CVE-2023-38051 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary).
network
low complexity
easyappointments CWE-639
8.1
2024-07-09 CVE-2023-38052 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin).
network
low complexity
easyappointments CWE-639
8.1
2024-07-09 CVE-2023-38053 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin).
network
low complexity
easyappointments CWE-639
8.1
2024-07-09 CVE-2023-38054 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer).
network
low complexity
easyappointments CWE-639
8.1
2024-07-09 CVE-2023-38055 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin).
network
low complexity
easyappointments CWE-639
8.1
2024-07-09 CVE-2023-3286 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system.
network
low complexity
easyappointments CWE-639
6.5
2024-07-09 CVE-2023-3287 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system.
network
low complexity
easyappointments CWE-639
8.8