How severe is CVE-2023-22737?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-22737?

This is classified as CWE-280, which is a common weakness in software security.

CVE-2023-22737 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular Conversations are not allowed to do so. The issue is fixed in wire-server 2022-12-09 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-12-09/Chart 4.29.0, so that their backends are no longer affected. There are no known workarounds.

Related Vulnerabilities

CVE-2019-13415

MEDIUM

CVSS:6.5(Medium)

Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users can gain read access to data they are not authorized to see.

CWE-2802019

CVE-2021-38312

MEDIUM

CVSS:6.5(Medium)

The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in...

CWE-2802021

CVE-2022-34368

MEDIUM

CVSS:6.5(Medium)

Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit...

CWE-2802022

CVE-2023-43087

MEDIUM

CVSS:6.5(Medium)

Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause informati...

CWE-2802023

CVE-2024-6697

MEDIUM

CVSS:6.5(Medium)

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected co...

CWE-2802024

CVE-2025-20649

MEDIUM

CVSS:6.5(Medium)

In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution p...

CWE-2802025