CVE-2023-27304 : Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Gar

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.

Published 2023-05-23 02:15:09

Updated 2025-01-17 18:15:20

Source JPCERT/CC

View at NVD, CVE.org

Products affected by CVE-2023-27304

Cybozu » Garoon
Versions from including (>=) 4.6.0 and up to, including, (<=) 5.9.2
cpe:2.3:a:cybozu:garoon:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-27304

EPSS FAQ

0.15%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 32 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-27304

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	2.8	1.4	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: Low Availability: None

CWE ids for CVE-2023-27304

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-27304

https://jvn.jp/en/jp/JVN41694426/

JVN#41694426: Multiple vulnerabilities in Cybozu Garoon
Third Party Advisory

CVEs referencing this url
https://cs.cybozu.co.jp/2023/007698.html

パッケージ版 Garoon 脆弱性に関するお知らせ | サイボウズからのお知らせ
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-27304

Products affected by CVE-2023-27304

Exploit prediction scoring system (EPSS) score for CVE-2023-27304

CVSS scores for CVE-2023-27304

CWE ids for CVE-2023-27304

References for CVE-2023-27304