How severe is CVE-2023-40315?

This vulnerability has a severity rating of HIGH with a CVSS score of 8 out of 10.

What type of vulnerability is CVE-2023-40315?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2023-40315 - HIGH Severity | CVSS 8

Vulnerability Description

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.

Related Vulnerabilities

CVE-2018-2494

HIGH

CVSS:8.0(High)

Necessary authorization checks for an authenticated user, resulting in escalation of privileges, have been fixed in SAP Basis AS ABAP of SAP NetWeaver 700 to 750, from 750 onwards delivered as ABAP Pl...

CWE-8632018

CVE-2020-36610

HIGH

CVSS:8.0(High)

A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be ...

CWE-8632020

CVE-2021-24905

HIGH

CVSS:8.0(High)

The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, ...

CWE-8632021

CVE-2022-24128

HIGH

CVSS:8.0(High)

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivil...

CWE-8632022

CVE-2023-31403

HIGH

CVSS:8.0(High)

SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB share...

CWE-8632023

CVE-2024-0199

HIGH

CVSS:8.0(High)

An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utili...

CWE-8632024