What the vulnerability does
01Description
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
What the vulnerability does
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
Explanation of Vulnerability in Simple Terms
Bunny.net versions up to 2.3.6 lack proper authorization checks, allowing authenticated users to read, modify, or delete data they should not have access to. An attacker with a low-privilege account can exploit this to access other users' information or perform unauthorized actions. The vulnerability requires valid credentials but no additional user interaction.
What an attacker can do
Read, modify, or delete data belonging to other users or restricted resources.
Potential impact on your site
User data and resources may be exposed to unauthorized access or modification by other authenticated users.
Conditions required to exploit
Valid low-privilege account on the Bunny.net platform; network access.
Key dates
External resources
Related vulnerabilities