CVE-2023-24842 MEDIUM

CVE-2023-24842: HGiga MailSherlock - Broken Access Control

Vendor: Hgiga
Product: MailSherlock
Weakness: CWE-639 · IDOR
Published: March 27, 2023
Last update: February 19, 2025

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

HGiga MailSherlock has an insufficient access control vulnerability. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing the user ID and mail ID in the URL.

Key dates

02 Disclosure timeline

March 27, 2023: CVE published
February 19, 2025: Record updated