Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for inure by hamza417

    CVE-2023-5862 (GCVE-0-2023-5862)

    Vulnerability from nvd – Published: 2023-10-31 00:00 – Updated: 2024-09-05 17:54
    VLAI
    Title
    Missing Authorization in hamza417/inure
    Summary
    Missing Authorization in GitHub repository hamza417/inure prior to Build95.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < Build95 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5862",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T17:53:30.720082Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T17:54:32.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "Build95",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository hamza417/inure prior to Build95."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T00:00:18.766Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6"
            }
          ],
          "source": {
            "advisory": "0e517db6-d8ba-4cb9-9339-7991dda52e6d",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5862",
        "datePublished": "2023-10-31T00:00:18.766Z",
        "dateReserved": "2023-10-31T00:00:06.449Z",
        "dateUpdated": "2024-09-05T17:54:32.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5321 (GCVE-0-2023-5321)

    Vulnerability from nvd – Published: 2023-09-30 13:43 – Updated: 2024-09-23 15:59
    VLAI
    Title
    Missing Authorization in hamza417/inure
    Summary
    Missing Authorization in GitHub repository hamza417/inure prior to build94.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build94 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.587Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5321",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T15:58:24.704049Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T15:59:12.649Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build94",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository hamza417/inure prior to build94."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-30T13:43:14.012Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
            }
          ],
          "source": {
            "advisory": "b1becc68-e738-458f-bd99-06ee77580d3a",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5321",
        "datePublished": "2023-09-30T13:43:14.012Z",
        "dateReserved": "2023-09-30T13:43:01.219Z",
        "dateUpdated": "2024-09-23T15:59:12.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4877 (GCVE-0-2023-4877)

    Vulnerability from nvd – Published: 2023-09-10 00:00 – Updated: 2024-09-26 15:12
    VLAI
    Title
    Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build92 (custom)
    Create a notification for this product.
    hamza417 inure Affected: 0 , < build92 (custom)
        cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.745Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inure",
                "vendor": "hamza417",
                "versions": [
                  {
                    "lessThan": "build92",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T15:11:46.715441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T15:12:44.643Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build92",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-10T00:00:42.399Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7"
            }
          ],
          "source": {
            "advisory": "168e9299-f8ff-40d6-9def-d097b38bad84",
            "discovery": "EXTERNAL"
          },
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4877",
        "datePublished": "2023-09-10T00:00:42.399Z",
        "dateReserved": "2023-09-10T00:00:37.847Z",
        "dateUpdated": "2024-09-26T15:12:44.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4876 (GCVE-0-2023-4876)

    Vulnerability from nvd – Published: 2023-09-10 00:00 – Updated: 2024-09-26 16:00
    VLAI
    Title
    Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build92 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4876",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T15:59:41.491771Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T16:00:35.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build92",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-10T00:00:19.240Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8"
            }
          ],
          "source": {
            "advisory": "f729d2c8-a62e-4f30-ac24-e187b0a7892a",
            "discovery": "EXTERNAL"
          },
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4876",
        "datePublished": "2023-09-10T00:00:19.240Z",
        "dateReserved": "2023-09-10T00:00:06.660Z",
        "dateUpdated": "2024-09-26T16:00:35.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4435 (GCVE-0-2023-4435)

    Vulnerability from nvd – Published: 2023-08-20 00:00 – Updated: 2024-10-03 14:11
    VLAI
    Title
    Improper Input Validation in hamza417/inure
    Summary
    Improper Input Validation in GitHub repository hamza417/inure prior to build88.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build88 (custom)
    Create a notification for this product.
    hamza417 inure Affected: 0 , < build88 (custom)
        cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inure",
                "vendor": "hamza417",
                "versions": [
                  {
                    "lessThan": "build88",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4435",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:09:18.952502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:11:11.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build88",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation in GitHub repository hamza417/inure prior to build88."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-20T00:00:19.448Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd"
            }
          ],
          "source": {
            "advisory": "1875ee85-4b92-4aa4-861e-094137a29276",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4435",
        "datePublished": "2023-08-20T00:00:19.448Z",
        "dateReserved": "2023-08-20T00:00:06.825Z",
        "dateUpdated": "2024-10-03T14:11:11.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4434 (GCVE-0-2023-4434)

    Vulnerability from nvd – Published: 2023-08-20 00:00 – Updated: 2024-10-03 14:13
    VLAI
    Title
    Missing Authorization in hamza417/inure
    Summary
    Missing Authorization in GitHub repository hamza417/inure prior to build88.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build88 (custom)
    Create a notification for this product.
    hamza417 inure Affected: 0 , < build88 (custom)
        cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/19e68377-e071-4a8e-aa4c-cd84a426602e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/2176af74ca3a81fd001e6cc8eea5a8306f484fbb"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inure",
                "vendor": "hamza417",
                "versions": [
                  {
                    "lessThan": "build88",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4434",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:11:43.210576Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:13:24.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build88",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository hamza417/inure prior to build88."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-20T00:00:18.940Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/19e68377-e071-4a8e-aa4c-cd84a426602e"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/2176af74ca3a81fd001e6cc8eea5a8306f484fbb"
            }
          ],
          "source": {
            "advisory": "19e68377-e071-4a8e-aa4c-cd84a426602e",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4434",
        "datePublished": "2023-08-20T00:00:18.940Z",
        "dateReserved": "2023-08-20T00:00:06.039Z",
        "dateUpdated": "2024-10-03T14:13:24.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5862 (GCVE-0-2023-5862)

    Vulnerability from cvelistv5 – Published: 2023-10-31 00:00 – Updated: 2024-09-05 17:54
    VLAI
    Title
    Missing Authorization in hamza417/inure
    Summary
    Missing Authorization in GitHub repository hamza417/inure prior to Build95.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < Build95 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:14:24.254Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5862",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-05T17:53:30.720082Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-05T17:54:32.066Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "Build95",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository hamza417/inure prior to Build95."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-31T00:00:18.766Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.com/bounties/0e517db6-d8ba-4cb9-9339-7991dda52e6d"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/52b8c0bae36f129a5be05e377d7391afc3629df6"
            }
          ],
          "source": {
            "advisory": "0e517db6-d8ba-4cb9-9339-7991dda52e6d",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5862",
        "datePublished": "2023-10-31T00:00:18.766Z",
        "dateReserved": "2023-10-31T00:00:06.449Z",
        "dateUpdated": "2024-09-05T17:54:32.066Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5321 (GCVE-0-2023-5321)

    Vulnerability from cvelistv5 – Published: 2023-09-30 13:43 – Updated: 2024-09-23 15:59
    VLAI
    Title
    Missing Authorization in hamza417/inure
    Summary
    Missing Authorization in GitHub repository hamza417/inure prior to build94.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build94 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:52:08.587Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-5321",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-23T15:58:24.704049Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-23T15:59:12.649Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build94",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository hamza417/inure prior to build94."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-30T13:43:14.012Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/b1becc68-e738-458f-bd99-06ee77580d3a"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/57fda918bfd2fb863f579841a46363fe8e10c29b"
            }
          ],
          "source": {
            "advisory": "b1becc68-e738-458f-bd99-06ee77580d3a",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-5321",
        "datePublished": "2023-09-30T13:43:14.012Z",
        "dateReserved": "2023-09-30T13:43:01.219Z",
        "dateUpdated": "2024-09-23T15:59:12.649Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4877 (GCVE-0-2023-4877)

    Vulnerability from cvelistv5 – Published: 2023-09-10 00:00 – Updated: 2024-09-26 15:12
    VLAI
    Title
    Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build92 (custom)
    Create a notification for this product.
    hamza417 inure Affected: 0 , < build92 (custom)
        cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.745Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inure",
                "vendor": "hamza417",
                "versions": [
                  {
                    "lessThan": "build92",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T15:11:46.715441Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T15:12:44.643Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build92",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-10T00:00:42.399Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7"
            }
          ],
          "source": {
            "advisory": "168e9299-f8ff-40d6-9def-d097b38bad84",
            "discovery": "EXTERNAL"
          },
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4877",
        "datePublished": "2023-09-10T00:00:42.399Z",
        "dateReserved": "2023-09-10T00:00:37.847Z",
        "dateUpdated": "2024-09-26T15:12:44.643Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4876 (GCVE-0-2023-4876)

    Vulnerability from cvelistv5 – Published: 2023-09-10 00:00 – Updated: 2024-09-26 16:00
    VLAI
    Title
    Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure
    Summary
    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build92 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:38:00.835Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4876",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T15:59:41.491771Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-26T16:00:35.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build92",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.9,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-10T00:00:19.240Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8"
            }
          ],
          "source": {
            "advisory": "f729d2c8-a62e-4f30-ac24-e187b0a7892a",
            "discovery": "EXTERNAL"
          },
          "title": "Exposure of Sensitive Information to an Unauthorized Actor in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4876",
        "datePublished": "2023-09-10T00:00:19.240Z",
        "dateReserved": "2023-09-10T00:00:06.660Z",
        "dateUpdated": "2024-09-26T16:00:35.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4435 (GCVE-0-2023-4435)

    Vulnerability from cvelistv5 – Published: 2023-08-20 00:00 – Updated: 2024-10-03 14:11
    VLAI
    Title
    Improper Input Validation in hamza417/inure
    Summary
    Improper Input Validation in GitHub repository hamza417/inure prior to build88.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build88 (custom)
    Create a notification for this product.
    hamza417 inure Affected: 0 , < build88 (custom)
        cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.934Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inure",
                "vendor": "hamza417",
                "versions": [
                  {
                    "lessThan": "build88",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4435",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:09:18.952502Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:11:11.886Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build88",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper Input Validation in GitHub repository hamza417/inure prior to build88."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 7.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-20T00:00:19.448Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/1875ee85-4b92-4aa4-861e-094137a29276"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/e74062e439f860fd144da4bfc3f35e96c19c3abd"
            }
          ],
          "source": {
            "advisory": "1875ee85-4b92-4aa4-861e-094137a29276",
            "discovery": "EXTERNAL"
          },
          "title": "Improper Input Validation in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4435",
        "datePublished": "2023-08-20T00:00:19.448Z",
        "dateReserved": "2023-08-20T00:00:06.825Z",
        "dateUpdated": "2024-10-03T14:11:11.886Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-4434 (GCVE-0-2023-4434)

    Vulnerability from cvelistv5 – Published: 2023-08-20 00:00 – Updated: 2024-10-03 14:13
    VLAI
    Title
    Missing Authorization in hamza417/inure
    Summary
    Missing Authorization in GitHub repository hamza417/inure prior to build88.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    hamza417 hamza417/inure Affected: unspecified , < build88 (custom)
    Create a notification for this product.
    hamza417 inure Affected: 0 , < build88 (custom)
        cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:24:04.981Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://huntr.dev/bounties/19e68377-e071-4a8e-aa4c-cd84a426602e"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/hamza417/inure/commit/2176af74ca3a81fd001e6cc8eea5a8306f484fbb"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:hamza417:inure:*:*:*:*:*:android:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "inure",
                "vendor": "hamza417",
                "versions": [
                  {
                    "lessThan": "build88",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-4434",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T14:11:43.210576Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T14:13:24.746Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "hamza417/inure",
              "vendor": "hamza417",
              "versions": [
                {
                  "lessThan": "build88",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Missing Authorization in GitHub repository hamza417/inure prior to build88."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-20T00:00:18.940Z",
            "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
            "shortName": "@huntrdev"
          },
          "references": [
            {
              "url": "https://huntr.dev/bounties/19e68377-e071-4a8e-aa4c-cd84a426602e"
            },
            {
              "url": "https://github.com/hamza417/inure/commit/2176af74ca3a81fd001e6cc8eea5a8306f484fbb"
            }
          ],
          "source": {
            "advisory": "19e68377-e071-4a8e-aa4c-cd84a426602e",
            "discovery": "EXTERNAL"
          },
          "title": "Missing Authorization in hamza417/inure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "assignerShortName": "@huntrdev",
        "cveId": "CVE-2023-4434",
        "datePublished": "2023-08-20T00:00:18.940Z",
        "dateReserved": "2023-08-20T00:00:06.039Z",
        "dateUpdated": "2024-10-03T14:13:24.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }