← back
CVE-2023-40362

CVE-2023-40362

CVSS 4.3 MEDIUMEPSS 0.7%CWE-862
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/ally-petitt/CVE-2023-40362https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach