Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-38335

UNKNOWN
Published 2023-07-20T00:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-38335. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-4x48-qpw5-qpgr

Advisory Details

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-38335
WEB https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt
WEB http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html
WEB http://seclists.org/fulldisclosure/2023/Jul/41
WEB http://seclists.org/fulldisclosure/2023/Jul/43

Advisory provided by GitHub Security Advisory Database. Published: July 20, 2023, Modified: April 4, 2024

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt
http://seclists.org/fulldisclosure/2023/Jul/41
http://packetstormsecurity.com/files/173695/Omnis-Studio-10.22.00-Library-Setting-Bypass.html
http://seclists.org/fulldisclosure/2023/Jul/43
Published: 2023-07-20T00:00:00
Last Modified: 2024-10-24T20:28:58.255Z
Copied to clipboard!