CVE-2023-32311: The CloudExplorer Lite missing permissions check
First published: Fri May 26 2023(Updated: )
CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fit2cloud Cloudexplorer | <1.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-32311.
What is the severity of CVE-2023-32311?
The severity of CVE-2023-32311 is medium with a value of 4.
What is the affected software of CVE-2023-32311?
The affected software of CVE-2023-32311 is CloudExplorer Lite prior to version 1.1.0.
How can the vulnerability be fixed?
The vulnerability can be fixed by updating to version 1.1.0 of CloudExplorer Lite.
Where can I find more information about CVE-2023-32311?
More information about CVE-2023-32311 can be found at the following URL: [https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-hxjq-g9qv-pwq5]
- collector/nvd-latest
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/title
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/fit2cloud
- canonical/fit2cloud cloudexplorer