Vulnerability Details CVE-2023-40362
An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 83.0%
CVSS Severity
CVSS v3 Score 4.3
References
- https://github.com/ally-petitt/CVE-2023-40362
- https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach
- https://github.com/ally-petitt/CVE-2023-40362
- https://www.classaction.org/news/centralsquare-hit-with-class-action-over-2017-2018-click2gov-data-breach
Products affected by CVE-2023-40362
-
cpe:2.3:a:centralsquare:click2gov_building_permit:-