Multiple vulnerabilities in BudyBoss

Posted date 30/05/2023
Importance
5 - Critical
Affected Resources

WordPress sites using BuddyBoss Platform version 2.2.9.

Description

INCIBE has coordinated the publication of 3 vulnerabilities in BuddyBoss Platform, which has been discovered by Anxo Januario Gonzales.

These vulnerabilities have been assigned the following codes:

  • CVE-2023-32669:
    • CVSS v3.1 base score: 5,4.
    • CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N.
    • Vulnerability type: CWE-639: authorization bypass through user-controlled Key
  • CVE-2023-32670:
    • CVSS v3.1 base score: 9,0.
    • CVSS vector string: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H.
    • Vulnerability type: CWE-79: improper neutralization of input during web page generation ('Cross-site Scripting').
  • CVE-2023-32671:
    • CVSS v3.1 base score: 6,3.
    • CVSS vector string: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N.
    • Vulnerability type: CWE-79: improper neutralization of input during web page generation ('Cross-site Scripting').
Solution

No solution has been identified at this time.

Detail
  • CVE-2023-32669: authorization bypass vulnerability, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).
  • CVE-2023-32670: Cross-Site Scripting vulnerability, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded.
  • CVE-2023-32671: Stored Cross-Site Scripting vulnerability, the exploitation of which could allow an attacker to store a malicious javascript payload via a POST request when sending an invitation to another user.
References list
Product sheet
Etiquetas