CVE-2023-0609 MEDIUM

CVE-2023-0609: Improper Authorization in wallabag/wallabag

Vendor Wallabag

Product wallabag/wallabag

Weakness CWE-285

Published February 1, 2023

Last update March 26, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.

Key dates

02Disclosure timeline

February 1, 2023 CVE published

March 26, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0609

Related vulnerabilities

04Related CVE

CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability CVE-2025-10731 ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export CVE-2022-31666 Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies CVE-2026-11521 Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization CVE-2025-9937 elunez eladmin LocalStorageController deleteFile improper authorization