CVE-2023-27485

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-27485
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-27485.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-27485
Related
  • GHSA-fhq8-p3w6-mmgr
Published
2023-03-07T19:15:12Z
Modified
2025-01-08T14:50:37.274867Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

thm-mni-ii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3, when querying subresults, it is possible to query subresults from other users due to insufficient authorisation. This is only possible for logged-in users, and it is not possible to associate the subresults with a specific user. This bug was fixed in commit f1ae67d8bb2 and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/thm-mni-ii/feedbacksystem

Affected ranges

Type
GIT
Repo
https://github.com/thm-mni-ii/feedbacksystem
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.3.0
v1.4.0
v1.4.1