CVE-2023-39338
Awaiting Analysis
Awaiting Analysis - Queue
BaseFortify
Publication date: 2025-07-12
Last updated on: 2025-07-15
Assigner: HackerOne
Description
Description
Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows an authenticated user with an enrolled device to access a service protected by Sentry even if they are not authorized by the Sentry policy to access that service. However, the user cannot authenticate to or use the service itself; they only gain tunnel access.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing unauthorized users to gain tunnel access to protected services, potentially exposing internal network resources or sensitive data paths, even though they cannot directly authenticate to or use the service.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70