CVE-2023-32311 HIGH

CVE-2023-32311: The CloudExplorer Lite missing permissions check

Vendor Cloudexplorer-Dev
Product CloudExplorer-Lite
Weakness CWE-862 · Missing authorization
Published May 26, 2023
Last update January 14, 2025

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.

Key dates

02Disclosure timeline

May 26, 2023 CVE published
January 14, 2025 Record updated