Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ewkb-k7wu-97fe
Vulnerability ID VCID-ewkb-k7wu-97fe
Aliases GHSA-h45f-rjvw-2rv2
Summary Withdrawn: wallabag subject to Improper Authorization ## Duplicate advisory This advisory has been withdrawn because it is a duplicate of [GHSA-qwx8-mxxx-mg96](https://github.com/advisories/GHSA-qwx8-mxxx-mg96). This link is maintained to preserve external references. ## Original Description Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-285 Improper Authorization
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-h45f-rjvw-2rv2
cvssv3.1 4.3 https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb
generic_textual MODERATE https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb
cvssv3.1 4.3 https://huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0
generic_textual MODERATE https://huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-0609
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2023-0609
Reference id Reference type URL
https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb
https://huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0
CVE-2023-0609 https://nvd.nist.gov/vuln/detail/CVE-2023-0609
GHSA-h45f-rjvw-2rv2 https://github.com/advisories/GHSA-h45f-rjvw-2rv2
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/wallabag/wallabag/commit/0f7460dbab9e29f4f7d2944aca20210f828b6abb
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://huntr.dev/bounties/3adef66f-fc86-4e6d-a540-2ffa59342ff0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-0609
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-05-31T11:06:28.500523+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-h45f-rjvw-2rv2/GHSA-h45f-rjvw-2rv2.json 38.6.0