{"api_version":"1","generated_at":"2026-06-27T05:42:41+00:00","cve":"CVE-2023-32669","urls":{"html":"https://cve.report/CVE-2023-32669","api":"https://cve.report/api/cve/CVE-2023-32669.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-32669","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-32669"},"summary":{"title":"CVE-2023-32669","description":"Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).","state":"PUBLIC","assigner":"cve-coordination@incibe.es","published_at":"2023-10-03 13:15:00","updated_at":"2023-10-04 21:07:00"},"problem_types":["CWE-639"],"metrics":[],"references":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss","name":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss","refsource":"MISC","tags":[],"title":"Multiple Vulnerabilities Budyboss | INCIBE-CERT | INCIBE","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-32669","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32669","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"32669","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"buddyboss","cpe5":"buddyboss","cpe6":"2.2.9","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-32669","ASSIGNER":"cve-coordination@incibe.es","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-639 Authorization Bypass Through User-Controlled Key","cweId":"CWE-639"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"BuddyBoss","product":{"product_data":[{"product_name":"BuddyBoss","version":{"version_data":[{"version_affected":"=","version_value":"2.2.9"}]}}]}}]}},"references":{"reference_data":[{"url":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss","refsource":"MISC","name":"https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-budyboss"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"},"credits":[{"lang":"en","value":"Anxo Januario Gonzales"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","version":"3.1"}]}},"nvd":{"publishedDate":"2023-10-03 13:15:00","lastModifiedDate":"2023-10-04 21:07:00","problem_types":["CWE-639"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.5}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:buddyboss:buddyboss:2.2.9:*:*:*:*:wordpress:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}