CVE-2023-3037

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-3037

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3037.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3037

Published

2023-10-04T12:15:10.373Z

Modified

2026-03-14T12:05:14.528301Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator

Summary

[none]

Details

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter.

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-helpdezk-community

Affected packages

Git / github.com/albandes/helpdezk

Affected ranges

Type

GIT

Repo

https://github.com/albandes/helpdezk

Events

Introduced

Last affected

e990488abfd0745168db772bf37fcfd6d65fc154

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.1.10"
        }
    ]
}

Affected versions

v1.*

v1.1.0

v1.1.1

v1.1.10

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.5.1

v1.1.5.2

v1.1.5.3

v1.1.5.4

v1.1.5.5

v1.1.5.6

v1.1.6

v1.1.7

v1.1.8

v1.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3037.json"