CVE-2023-7210

Summary

A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
n/aOneNav0.9.0affected
n/aOneNav0.9.1affected
n/aOneNav0.9.2affected
n/aOneNav0.9.3affected
n/aOneNav0.9.4affected
n/aOneNav0.9.5affected
n/aOneNav0.9.6affected
n/aOneNav0.9.7affected
n/aOneNav0.9.8affected
n/aOneNav0.9.9affected
n/aOneNav0.9.10affected
n/aOneNav0.9.11affected
n/aOneNav0.9.12affected
n/aOneNav0.9.13affected
n/aOneNav0.9.14affected
n/aOneNav0.9.15affected
n/aOneNav0.9.16affected
n/aOneNav0.9.17affected
n/aOneNav0.9.18affected
n/aOneNav0.9.19affected
n/aOneNav0.9.20affected
n/aOneNav0.9.21affected
n/aOneNav0.9.22affected
n/aOneNav0.9.23affected
n/aOneNav0.9.24affected
n/aOneNav0.9.25affected
n/aOneNav0.9.26affected
n/aOneNav0.9.27affected
n/aOneNav0.9.28affected
n/aOneNav0.9.29affected
n/aOneNav0.9.30affected
n/aOneNav0.9.31affected
n/aOneNav0.9.32affected
n/aOneNav0.9.33affected

Weaknesses

  • CWE-287: CWE-287 Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References