CVE-2023-32669: Authorization Bypass on BuddyBoss
First published: Tue Oct 03 2023(Updated: )
Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).
Credit: cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| BuddyBoss | =2.2.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-32669?
CVE-2023-32669 is an authorization bypass vulnerability in BuddyBoss 2.2.9 version that allows an authenticated user to access and rename other users' albums.
How can this vulnerability be exploited?
This vulnerability can be exploited by changing the album identification (id).
How severe is CVE-2023-32669?
CVE-2023-32669 has a severity rating of medium with a CVSS score of 5.4.
What software version is affected by CVE-2023-32669?
BuddyBoss version 2.2.9 is affected by CVE-2023-32669.
How can I fix CVE-2023-32669?
Update BuddyBoss to a version that is not affected by CVE-2023-32669.
- agent/author
- agent/type
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/buddyboss
- canonical/buddyboss
- version/buddyboss/2.2.9