CVE-2023-32316
HIGHCloudExplorer Lite < 1.1.0 - Missing Authorization in User Profile
Title source: llmDescription
CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-cp3j-437h-4vwj
Scores
CVSS v3
7.1
EPSS
0.0038
EPSS Percentile
30.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-862
Status
published
Products (1)
fit2cloud/cloudexplorer
< 1.1.0
Published
May 26, 2023
Tracked Since
Feb 18, 2026