What the vulnerability does
01Description
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
What the vulnerability does
Unauthenticated Broken Access Control in Knit Pay <= 9.4.0.0 versions.
Explanation of Vulnerability in Simple Terms
Knit Pay versions up to 9.4.0.0 lack proper authorization checks, allowing unauthenticated attackers to modify data through network requests. The vulnerability does not expose sensitive information or disrupt service availability, but attackers can alter records without needing credentials or user interaction. Organizations using affected versions should update immediately.
What an attacker can do
Modify or alter data in Knit Pay without authentication.
Potential impact on your site
Attackers can change payment records, settings, or other data without logging in, potentially affecting transaction integrity.
Conditions required to exploit
Network access to the Knit Pay application; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities