What the vulnerability does
Description
Missing Authorization vulnerability in cookiebot Cookiebot cookiebot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cookiebot: from n/a through <= 4.6.4.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Explanation of Vulnerability in Simple Terms
Cookiebot versions up to 4.6.4 fail to properly check user permissions before allowing access to sensitive functions. An authenticated user with low privileges can read data they should not have access to. The vulnerability requires a valid user account but no special interaction. Update to version 4.7.2 or later to resolve this issue.
What an attacker can do
Read sensitive data they should not have access to as a low-privilege authenticated user.
Potential impact on your site
Authenticated users can access confidential information beyond their permission level.
Conditions required to exploit
Attacker must have a valid low-privilege user account on the site.