Critical severity9.6OSV Advisory· Published Jul 9, 2024· Updated Jun 17, 2026
CVE-2023-38055
CVE-2023-38055
Description
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.1.0, 1.1.0-beta.2, 1.2.0-alpha.1, …+ 1 more
- (no CPE)range: 1.1.0, 1.1.0-beta.2, 1.2.0-alpha.1, …
- (no CPE)
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.