CVE-2023-0959
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-0959
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-0959.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-0959
- Published
- 2023-04-05T20:15:07.557Z
- Modified
- 2025-11-15T05:40:26.815896Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.
- References
Affected packages
Git / github.com/ima-worldhealth/bhima
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ima-worldhealth/bhima
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
1.*
1.2.0
1.9.1
v0.*
v0.4.0
v0.4.1
v0.5.0
v0.6.0
v1.*
v1.0
v1.0-rc.1
v1.0-rc.2
v1.0.0
v1.1
v1.1-rc1
v1.1.0
v1.1.1
v1.10.0
v1.10.1
v1.10.2
v1.11.0
v1.12.0
v1.13.0
v1.13.1
v1.14.0
v1.15.0
v1.16.0
v1.16.1
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.18.0
v1.18.1
v1.19.0
v1.19.1
v1.2.0
v1.20.0
v1.21.0
v1.21.1
v1.21.2
v1.21.3
v1.21.5
v1.22.0
v1.22.1
v1.24.0
v1.25.0
v1.26.0
v1.27.0
v1.3.0
v1.4.0
v1.6.0
v1.6.1
v1.7.0
v1.8.0
v1.8.1
v1.8.2
v1.9.0