CVE-2023-3700 — Easy!Appointments Improper Access Control vulnerability

Description

Easy!Appointments 1.4.3 and prior has an Improper Access Control vulnerability. This issue is patched at commit b37b46019553089db4f22eb2fe998bca84b2cb64 and anticipated to be part of version 1.5.0.

How to fix CVE-2023-3700

To remediate CVE-2023-3700, upgrade the affected package to a fixed version below.

Packagist/alextselegidis/easyappointments—upgrade to 1.5.0 or later

Is CVE-2023-3700 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.5.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

References (4)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-3700
PATCHgithub.com/alextselegidis/easyappointments
WEBgithub.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64
WEBhuntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8