CVE-2023-30059

Published May 12th, 2026

View on NVD ↗

CVSS v3

5.4

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted GET request.

yueslly/MKAUTH-IDOR

An idor was found at a brazilian ISP system.

GitHub