Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-5948

Summary
Assigner-@huntrdev
Assigner Org ID-c09c270a-b464-47c1-9133-acb35b22c19a
Published At-03 Nov, 2023 | 06:40
Updated At-05 Sep, 2024 | 14:32
Rejected At-
Credits

Improper Authorization in teamamaze/amazefileutilities

Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:@huntrdev
Assigner Org ID:c09c270a-b464-47c1-9133-acb35b22c19a
Published At:03 Nov, 2023 | 06:40
Updated At:05 Sep, 2024 | 14:32
Rejected At:
ā–¼CVE Numbering Authority (CNA)
Improper Authorization in teamamaze/amazefileutilities

Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.

Affected Products
Vendor
teamamaze
Product
teamamaze/amazefileutilities
Versions
Affected
  • From unspecified before 1.91 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-285CWE-285 Improper Authorization
Type: CWE
CWE ID: CWE-285
Description: CWE-285 Improper Authorization
Metrics
VersionBase scoreBase severityVector
3.08.2HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Version: 3.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692
N/A
https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7
N/A
Hyperlink: https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692
Resource: N/A
Hyperlink: https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7
Resource: N/A
ā–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692
x_transferred
https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7
x_transferred
Hyperlink: https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692
Resource:
x_transferred
Hyperlink: https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
teamamaze
Product
amaze_file_utilities
CPEs
  • cpe:2.3:a:teamamaze:amaze_file_utilities:*:*:*:*:*:android:*:*
Default Status
unknown
Versions
Affected
  • From 0 before 1.91 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@huntr.dev
Published At:03 Nov, 2023 | 07:15
Updated At:13 Nov, 2023 | 19:55

Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Secondary3.08.2HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 8.2
Base severity: HIGH
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CPE Matches
teamamaze
teamamaze
>>amaze_file_utilities>>Versions before 1.90(exclusive)
cpe:2.3:a:teamamaze:amaze_file_utilities:*:*:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-285Primarysecurity@huntr.dev
CWE ID: CWE-285
Type: Primary
Source: security@huntr.dev
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7security@huntr.dev
Patch
https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692security@huntr.dev
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7
Source: security@huntr.dev
Resource:
Patch
Hyperlink: https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692
Source: security@huntr.dev
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2024-42032
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 19.73%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 09:05
Updated-18 Sep, 2025 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access permission verification vulnerability in the Contacts module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-285
Improper Authorization
CVE-2023-21440
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.06% / 18.53%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2025-46289
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.53%
||
7 Day CHG~0.00%
Published-12 Dec, 2025 | 20:56
Updated-18 Dec, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-285
Improper Authorization
CVE-2025-43231
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 3.24%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 22:35
Updated-04 Nov, 2025 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-285
Improper Authorization
CVE-2025-43403
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.29%
||
7 Day CHG~0.00%
Published-11 Feb, 2026 | 22:58
Updated-13 Feb, 2026 | 14:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An app may be able to access sensitive user data.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-285
Improper Authorization
CVE-2023-40430
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.12% / 31.74%
||
7 Day CHG~0.00%
Published-10 Jan, 2024 | 22:03
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-285
Improper Authorization
CVE-2022-32838
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.07%
||
7 Day CHG~0.00%
Published-24 Aug, 2022 | 19:47
Updated-29 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files.

Action-Not Available
Vendor-Apple Inc.
Product-iphone_osmacosipadosmac_os_xmacOS
CWE ID-CWE-285
Improper Authorization
Details not found