VYPR
Critical severity9.6OSV Advisory· Published Jul 9, 2024· Updated Jun 17, 2026

CVE-2023-38055

CVE-2023-38055

Description

A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • 1.1.0, 1.1.0-beta.2, 1.2.0-alpha.1, …+ 1 more
    • (no CPE)range: 1.1.0, 1.1.0-beta.2, 1.2.0-alpha.1, …
    • (no CPE)

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.