Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-48171

An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.

Published

2024-08-12T20:15:08.213

Last Modified

2024-09-18T18:54:08.080

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-Other
Type: Secondary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	owasp	defectdojo	< 1.5.3.1	Yes

References

https://gccybermonks.com/posts/defectdojo/ Exploit, Third Party Advisory ([email protected])