CVE-2023-32316

HIGH

CloudExplorer Lite < 1.1.0 - Missing Authorization in User Profile

Title source: llm
STIX 2.1

Description

CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability.

References (1)

Core 1

Scores

CVSS v3 7.1
EPSS 0.0038
EPSS Percentile 30.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
fit2cloud/cloudexplorer < 1.1.0
Published May 26, 2023
Tracked Since Feb 18, 2026