What the vulnerability does
01Description
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Missing Authorization vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JetWooBuilder: from n/a through <= 2.1.18.
Explanation of Vulnerability in Simple Terms
JetWooBuilder versions up to 2.1.18 lack proper authorization checks, allowing unauthenticated attackers to read sensitive data. An attacker can access information without logging in or requiring user interaction. The vulnerability affects confidentiality but not data integrity or availability. Update to a version newer than 2.1.18.
What an attacker can do
Read sensitive data without authentication.
Potential impact on your site
Unauthorized users can access confidential information stored in or processed by JetWooBuilder.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities