CVE-2023-47801

An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:clickstudios:passwordstate:*:*:*:*:*:-:*:*

History

20 Nov 2023, 19:20

Type Values Removed Values Added
CPE cpe:2.3:a:clickstudios:passwordstate:*:*:*:*:*:-:*:*
First Time Clickstudios
Clickstudios passwordstate
CWE CWE-732
References () https://www.clickstudios.com.au/security/advisories/ - () https://www.clickstudios.com.au/security/advisories/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.7

13 Nov 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-13 09:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-47801

Mitre link : CVE-2023-47801

CVE.ORG link : CVE-2023-47801


JSON object : View

Products Affected

clickstudios

  • passwordstate
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource