CVE-2023-0944

Source
https://cve.org/CVERecord?id=CVE-2023-0944
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0944.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-0944
Published
2023-04-05T20:15:07.527Z
Modified
2026-04-10T04:56:57.298692Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
[none]
Details

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to insecure direct object reference (IDOR): it does not correctly validate user permissions for certain actions that the user can perform.

References

Affected packages

Git / github.com/third-culture-software/bhima

Affected ranges

Type
GIT
Repo
https://github.com/third-culture-software/bhima
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.27.0"
        }
    ]
}

Affected versions

1.*
1.9.1
v0.*
v0.4.0
v0.4.1
v0.5.0
v1.*
v1.0
v1.0-rc.1
v1.0-rc.2
v1.1
v1.1-rc1
v1.1.0
v1.1.1
v1.17.3
v1.17.4
v1.18.0
v1.18.1
v1.20.0
v1.21.1
v1.21.2
v1.21.3
v1.25.0
v1.26.0
v1.27.0
v1.4.0
v1.7.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-0944.json"