CVE-2023-40362

Published Jan 12, 2024

Last updated 6 months ago

CVSS medium 4.3

Overview

Description: An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:centralsquare:click2gov_building_permit:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D740CF40-FBCC-4F42-B993-870E00917DA4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.