Vulnerability Details : CVE-2023-5321
Missing Authorization in GitHub repository hamza417/inure prior to build94.
Products affected by CVE-2023-5321
- cpe:2.3:a:hamza417:inure:build44:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build45:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build46:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build47:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build48:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build49:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build51:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build52:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build53:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build55:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build56:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build57:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build58:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build59:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build60:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build61:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build62:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build63:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build64:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build65:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build66:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build67:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build68:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build69:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build70:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build71:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build72:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build73:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build74:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build75:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build76:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build77:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build78:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build79:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build80:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build83:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build85:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build86:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build87:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build88:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build89:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build92:*:*:*:*:android:*:*
- cpe:2.3:a:hamza417:inure:build93:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-5321
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 7 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-5321
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1
|
MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
2.5
|
2.5
|
huntr.dev | |
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.8
|
3.6
|
NIST |
CWE ids for CVE-2023-5321
-
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.Assigned by: security@huntr.dev (Primary)
References for CVE-2023-5321
-
https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a
Improper validation of intent data received in TextViewerActivity allows opening of arbitrary files in hamza417/inure vulnerability found in inureExploit
-
https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b
Patched improper input validation vulnerability · Hamza417/Inure@57fda91 · GitHubPatch
Jump to