HomeBox Missing Authorization Vulnerability in Attachment Management API

Vulnerability

A vulnerability exists in HomeBox versions through 0.20.0, where the API endpoints for updating and deleting inventory item attachments lack proper authorization checks. This flaw enables authenticated users to manipulate attachments that do not belong to them, potentially leading to unauthorized changes or deletion of important inventory data.

Impact

Exploitation of this vulnerability allows authenticated users to update or delete inventory item attachments belonging to other users, without proper authorization or verification of ownership.
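
The missing ownership check described above, sketched in Go as an added example; it is not HomeBox's code. The Store and Attachment types, the OwnerID field and the in-memory map are hypothetical stand-ins for an attachment table keyed by ID.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical model, not HomeBox's schema: map key is the attachment ID.
type Attachment struct {
	OwnerID int
	Title   string
}

type Store map[int]*Attachment
var ErrNotFound = errors.New("attachment not found")

// Constructed sample data: attachment 1 belongs to user 1.
func newStore() Store { return Store{1: {OwnerID: 1, Title: "receipt.pdf"}} }

// DeleteUnscoped is the flawed pattern: the caller is authenticated, but the
// row is selected by ID alone, so callerID never influences the outcome.
func (s Store) DeleteUnscoped(callerID, id int) { delete(s, id) }

// owned returns the row only if it exists and belongs to the caller. Missing
// and foreign rows give the same error, so IDs cannot be probed for existence.
func (s Store) owned(callerID, id int) (*Attachment, error) {
	if a, ok := s[id]; ok && a.OwnerID == callerID {
		return a, nil
	}
	return nil, ErrNotFound
}

// DeleteScoped and UpdateScoped run the ownership check before any write.
func (s Store) DeleteScoped(callerID, id int) error {
	_, err := s.owned(callerID, id)
	if err == nil {
		delete(s, id)
	}
	return err
}

func (s Store) UpdateScoped(callerID, id int, title string) error {
	a, err := s.owned(callerID, id)
	if err == nil {
		a.Title = title
	}
	return err
}

func main() { fmt.Println(newStore().DeleteScoped(2, 1)) } // user 2 is refused
```

A regression test for this class of bug calls each write endpoint as a second account against the first account's attachment ID and asserts that the record is unchanged.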

Remediation

Users are advised to upgrade to HomeBox version 0.20.1.

Added: Jul 2, 2025, 4:51 PM
Updated: Jul 2, 2025, 4:51 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.9
remediation: 7.7
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.