CVE-2022-23173

CVSS v3 Score: 6.3 (Medium)
CVSS v2 Score: 6.5 (Medium)

Vulnerability Description

This vulnerability affects users who are not even allowed access via the web interface. First, the attacker needs to access the "Login menu - demo site", where all the functionality of the application is visible. If the attacker clicks one of the links, the response says he is not authorized, because he needs to log in with credentials. After logging in to the system, there are some functionalities that the specific user is not allowed to perform because the account was configured with low privileges. However, all the attacker needs to do to achieve his goals is change the value of the prog step parameter from 0 to 1 or more; he can then access some of the web application's functionality that he could not use before the parameter was changed.

CVSS:6.3(Medium)

Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in versions 8.15.8, 8.16.7, and 8.17.4, which were released on Marc...

CVSS:6.3(Medium)

growi is vulnerable to Authorization Bypass Through User-Controlled Key

CVSS:6.3(Medium)

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

CVSS:6.3(Medium)

TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is ...

CVSS:6.3(Medium)

An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to a...

CVSS:6.3(Medium)

Nextcloud Tables allows users to create tables with individual columns. By directly specifying the ID of a table or view, a malicious user could blindly insert new rows into tables they have no acc...