Skip to main content

CVE-2023-39338

| EUVDEUVD-2023-43069 MEDIUM
Incorrect Permission Assignment for Critical Resource (CWE-732)
2025-07-12 support@hackerone.com
6.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
9.20
EUVD ID Assigned
Mar 16, 2026 - 08:56 euvd
EUVD-2023-43069
Analysis Generated
Mar 16, 2026 - 08:56 vuln.today
CVE Published
Jul 12, 2025 - 04:15 nvd
MEDIUM 6.8

DescriptionCVE.org

Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access.

AnalysisAI

CVE-2023-39338 is a security vulnerability (CVSS 6.8) that allows the user. Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-732 (Incorrect Permissions).

RemediationAI

Monitor vendor channels for patch availability.

Share

CVE-2023-39338 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy