CVE-2023-47801

An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records.
Configurations

Configuration 1 (hide)

cpe:2.3:a:clickstudios:passwordstate:*:*:*:*:*:-:*:*

History

21 Nov 2024, 08:30

Type Values Removed Values Added
References () https://www.clickstudios.com.au/security/advisories/ - Vendor Advisory () https://www.clickstudios.com.au/security/advisories/ - Vendor Advisory

20 Nov 2023, 19:20

Type Values Removed Values Added
First Time Clickstudios
Clickstudios passwordstate
CPE cpe:2.3:a:clickstudios:passwordstate:*:*:*:*:*:-:*:*
References () https://www.clickstudios.com.au/security/advisories/ - () https://www.clickstudios.com.au/security/advisories/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.7
CWE CWE-732

13 Nov 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-13 09:15

Updated : 2024-11-21 08:30


NVD link : CVE-2023-47801

Mitre link : CVE-2023-47801

CVE.ORG link : CVE-2023-47801


JSON object : View

Products Affected

clickstudios

  • passwordstate
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource