{"id":"CVE-2023-3431","summary":"Improper Access Control in plantuml/plantuml","details":"Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9.","aliases":["GHSA-p2mf-q26j-3xmh"],"modified":"2026-04-10T04:58:27.668800Z","published":"2023-06-27T14:28:33.739Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3431.json","cwe_ids":["CWE-284"],"cna_assigner":"@huntrdev"},"references":[{"type":"WEB","url":"https://huntr.dev/bounties/fa741f95-b53c-4ed7-b157-e32c5145164c"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3431.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3431"},{"type":"FIX","url":"https://github.com/plantuml/plantuml/commit/fbe7fa3b25b4c887d83927cffb1009ec6cb8ab1e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/plantuml/plantuml","events":[{"introduced":"0"},{"fixed":"74574c4f57d8d56b0e740b64e3d005ed071b2da2"}]}],"versions":["v1.2017.12","v1.2017.13","v1.2017.14","v1.2017.15","v1.2017.17","v1.2017.18","v1.2017.19","v1.2017.20","v1.2018.0","v1.2018.1","v1.2018.10","v1.2018.11","v1.2018.12","v1.2018.13","v1.2018.14","v1.2018.2","v1.2018.3","v1.2018.4","v1.2018.5","v1.2018.6","v1.2018.7","v1.2018.8","v1.2018.9","v1.2019.0","v1.2019.1","v1.2019.10","v1.2019.11","v1.2019.12","v1.2019.13","v1.2019.2","v1.2019.4","v1.2019.5","v1.2019.6","v1.2019.7","v1.2019.8","v1.2019.9","v1.2020.0","v1.2020.1","v1.2020.10","v1.2020.11","v1.2020.12","v1.2020.13","v1.2020.14","v1.2020.15","v1.2020.16","v1.2020.17","v1.2020.18","v1.2020.19","v1.2020.2","v1.2020.20","v1.2020.21","v1.2020.22","v1.2020.23","v1.2020.24","v1.2020.26","v1.2020.3","v1.2020.4","v1.2020.6","v1.2020.7","v1.2020.8","v1.2020.9","v1.2021.0","v1.2021.1","v1.2021.10","v1.2021.12","v1.2021.13","v1.2021.14","v1.2021.15","v1.2021.16","v1.2021.2","v1.2021.3","v1.2021.4","v1.2021.5","v1.2021.6","v1.2021.7","v1.2021.8","v1.2021.9","v1.2022.0","v1.2022.1","v1.2022.10","v1.2022.11","v1.2022.12","v1.2022.13","v1.2022.14","v1.2022.2","v1.2022.3","v1.2022.4","v1.2022.5","v1.2022.6","v1.2022.7","v1.2022.8","v1.2022.9","v1.2023.0","v1.2023.1","v1.2023.2","v1.2023.3","v1.2023.4","v1.2023.5","v1.2023.6","v1.2023.7","v1.2023.8","v2017.08","v2017.09","v2017.11","v8059"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3431.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}