Aria Automation contains a Missing Access Control... · CVE-2023-34063 · GitHub Advisory Database · GitHub

Aria Automation contains a Missing Access Control...

Critical severity Unreviewed Published Jan 16, 2024 to the GitHub Advisory Database • Updated Feb 3, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

Aria Automation contains a Missing Access Control vulnerability.

An authenticated malicious actor may
exploit this vulnerability leading to unauthorized access to remote
organizations and workflows.

References

Published by the National Vulnerability Database

Jan 16, 2024

Published to the GitHub Advisory Database Jan 16, 2024

Last updated Feb 3, 2024

Severity

Critical

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:H