{"id":"CVE-2023-43336","details":"Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.","modified":"2026-04-12T07:19:53.449870Z","published":"2023-11-02T12:15:09.673Z","references":[{"type":"WEB","url":"http://freepbx.com"},{"type":"WEB","url":"http://sangoma.com"},{"type":"EVIDENCE","url":"https://medium.com/%40janirudransh/security-disclosure-of-vulnerability-cve-2023-23336-4429d416f826"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freepbx/framework","events":[{"introduced":"0"},{"fixed":"79537234fc12d8d335872e9271df31b1881bc102"},{"fixed":"42db32b28137df82fe4982df992d560804ce71c7"},{"introduced":"b18510d02ee77c67018ce891cbb5ef7a2d0c8b43"},{"fixed":"e8ed810b0b56a86d30da034aeb24342e1eab6f07"},{"fixed":"ea294ce5815344efff62947cf34c56f62e3d2baf"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"15.0.16"},{"fixed":"15.0.18"},{"introduced":"16.0.2"},{"fixed":"16.0.17"},{"fixed":"16.0.40"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*"}}],"versions":["release/12.0.0.0alpha1.0","release/12.0.1alpha1","release/12.0.1alpha10","release/12.0.1alpha11","release/12.0.1alpha12","release/12.0.1alpha13","release/12.0.1alpha14","release/12.0.1alpha16","release/12.0.1alpha17","release/12.0.1alpha18","release/12.0.1alpha19","release/12.0.1alpha2","release/12.0.1alpha20","release/12.0.1alpha21","release/12.0.1alpha22","release/12.0.1alpha23","release/12.0.1alpha24","release/12.0.1alpha25","release/12.0.1alpha26","release/12.0.1alpha27","release/12.0.1alpha28","release/12.0.1alpha29","release/12.0.1alpha3","release/12.0.1alpha30","release/12.0.1alpha31","release/12.0.1alpha32","release/12.0.1alpha4","release/12.0.1alpha5","release/12.0.1alpha7","release/13.0.1RC1.20","release/13.0.1RC1.21","release/13.0.1RC1.22","release/13.0.1RC1.23","release/13.0.1RC1.24","release/13.0.1RC1.25","release/13.0.1RC1.26","release/13.0.1RC1.27","release/13.0.1RC1.28","release/13.0.1RC1.30","release/13.0.1alpha10","release/13.0.1alpha11","release/13.0.1alpha12","release/13.0.1alpha14","release/13.0.1alpha15","release/13.0.1alpha16","release/13.0.1alpha17","release/13.0.1alpha18","release/13.0.1alpha19","release/13.0.1alpha2","release/13.0.1alpha20","release/13.0.1alpha21","release/13.0.1alpha22","release/13.0.1alpha23","release/13.0.1alpha24","release/13.0.1alpha25","release/13.0.1alpha26","release/13.0.1alpha27","release/13.0.1alpha28","release/13.0.1alpha29","release/13.0.1alpha3","release/13.0.1alpha30","release/13.0.1alpha31","release/13.0.1alpha32","release/13.0.1alpha33","release/13.0.1alpha34","release/13.0.1alpha35","release/13.0.1alpha36","release/13.0.1alpha37","release/13.0.1alpha38","release/13.0.1alpha39","release/13.0.1alpha4","release/13.0.1alpha40","release/13.0.1alpha41","release/13.0.1alpha42","release/13.0.1alpha43","release/13.0.1alpha44","release/13.0.1alpha45","release/13.0.1alpha46","release/13.0.1alpha47","release/13.0.1alpha48","release/13.0.1alpha49","release/13.0.1alpha5","release/13.0.1alpha50","release/13.0.1alpha51","release/13.0.1alpha52","release/13.0.1alpha53","release/13.0.1alpha54","release/13.0.1alpha55","release/13.0.1alpha56","release/13.0.1alpha57","release/13.0.1alpha58","release/13.0.1alpha59","release/13.0.1alpha6","release/13.0.1alpha60","release/13.0.1alpha61","release/13.0.1alpha62","release/13.0.1alpha63","release/13.0.1alpha64","release/13.0.1alpha65","release/13.0.1alpha66","release/13.0.1alpha67","release/13.0.1alpha68","release/13.0.1alpha69","release/13.0.1alpha7","release/13.0.1alpha8","release/13.0.1alpha9","release/13.0.1beta1","release/13.0.1beta2","release/13.0.1beta3","release/13.0.1beta3.1","release/13.0.1beta3.10","release/13.0.1beta3.11","release/13.0.1beta3.12","release/13.0.1beta3.13","release/13.0.1beta3.14","release/13.0.1beta3.15","release/13.0.1beta3.16","release/13.0.1beta3.17","release/13.0.1beta3.18","release/13.0.1beta3.19","release/13.0.1beta3.2","release/13.0.1beta3.20","release/13.0.1beta3.21","release/13.0.1beta3.22","release/13.0.1beta3.23","release/13.0.1beta3.24","release/13.0.1beta3.25","release/13.0.1beta3.3","release/13.0.1beta3.4","release/13.0.1beta3.5","release/13.0.1beta3.53","release/13.0.1beta3.54","release/13.0.1beta3.55","release/13.0.1beta3.56","release/13.0.1beta3.57","release/13.0.1beta3.58","release/13.0.1beta3.59","release/13.0.1beta3.6","release/13.0.1beta3.60","release/13.0.1beta3.61","release/13.0.1beta3.62","release/13.0.1beta3.63","release/13.0.1beta3.7","release/13.0.1beta3.9","release/13.0.4","release/13.0.5","release/13.0.6","release/14.0.1","release/14.0.1.1","release/14.0.1alpha1","release/14.0.1alpha10","release/14.0.1alpha11","release/14.0.1alpha12","release/14.0.1alpha13","release/14.0.1alpha14","release/14.0.1alpha15","release/14.0.1alpha16","release/14.0.1alpha17","release/14.0.1alpha18","release/14.0.1alpha19","release/14.0.1alpha2","release/14.0.1alpha20","release/14.0.1alpha21","release/14.0.1alpha22","release/14.0.1alpha23","release/14.0.1alpha24","release/14.0.1alpha25","release/14.0.1alpha26","release/14.0.1alpha27","release/14.0.1alpha28","release/14.0.1alpha29","release/14.0.1alpha3","release/14.0.1alpha30","release/14.0.1alpha31","release/14.0.1alpha32","release/14.0.1alpha33","release/14.0.1alpha34","release/14.0.1alpha35","release/14.0.1alpha4","release/14.0.1alpha5","release/14.0.1alpha6","release/14.0.1alpha7","release/14.0.1alpha8","release/14.0.1alpha9","release/14.0.1beta1","release/14.0.1beta10","release/14.0.1beta11","release/14.0.1beta12","release/14.0.1beta13","release/14.0.1beta14","release/14.0.1beta15","release/14.0.1beta16","release/14.0.1beta17","release/14.0.1beta18","release/14.0.1beta19","release/14.0.1beta2","release/14.0.1beta20","release/14.0.1beta3","release/14.0.1beta4","release/14.0.1beta5","release/14.0.1beta6","release/14.0.1beta7","release/14.0.1beta8","release/14.0.1beta9","release/14.0.1rc1","release/14.0.1rc1.1","release/14.0.1rc1.10","release/14.0.1rc1.11","release/14.0.1rc1.12","release/14.0.1rc1.13","release/14.0.1rc1.14","release/14.0.1rc1.15","release/14.0.1rc1.16","release/14.0.1rc1.17","release/14.0.1rc1.18","release/14.0.1rc1.19","release/14.0.1rc1.2","release/14.0.1rc1.21","release/14.0.1rc1.22","release/14.0.1rc1.23","release/14.0.1rc1.24","release/14.0.1rc1.25","release/14.0.1rc1.26","release/14.0.1rc1.27","release/14.0.1rc1.29","release/14.0.1rc1.3","release/14.0.1rc1.30","release/14.0.1rc1.4","release/14.0.1rc1.5","release/14.0.1rc1.6","release/14.0.1rc1.7","release/14.0.1rc1.8","release/15.0.1.1","release/15.0.1.10","release/15.0.1.11","release/15.0.1.12","release/15.0.1.13","release/15.0.1.14","release/15.0.1.15","release/15.0.1.16","release/15.0.1.17","release/15.0.1.18","release/15.0.1.19","release/15.0.1.2","release/15.0.1.21","release/15.0.1.22","release/15.0.1.23","release/15.0.1.24","release/15.0.1.25","release/15.0.1.26","release/15.0.1.27","release/15.0.1.28","release/15.0.1.29","release/15.0.1.3","release/15.0.1.30","release/15.0.1.31","release/15.0.1.32","release/15.0.1.33","release/15.0.1.34","release/15.0.1.35","release/15.0.1.36","release/15.0.1.37","release/15.0.1.38","release/15.0.1.39","release/15.0.1.4","release/15.0.1.40","release/15.0.1.41","release/15.0.1.42","release/15.0.1.5","release/15.0.1.6","release/15.0.1.7","release/15.0.1.8","release/15.0.1.9","release/15.0.10","release/15.0.10.1","release/15.0.10.2","release/15.0.10.3","release/15.0.11","release/15.0.11.1","release/15.0.12","release/15.0.14","release/15.0.15","release/15.0.15.1","release/15.0.15.2","release/15.0.15.3","release/15.0.15.4","release/15.0.16","release/15.0.16.1","release/15.0.16.10","release/15.0.16.11","release/15.0.16.12","release/15.0.16.13","release/15.0.16.14","release/15.0.16.15","release/15.0.16.16","release/15.0.16.17","release/15.0.16.18","release/15.0.16.19","release/15.0.16.2","release/15.0.16.20","release/15.0.16.21","release/15.0.16.22","release/15.0.16.23","release/15.0.16.26","release/15.0.16.27","release/15.0.16.28","release/15.0.16.29","release/15.0.16.3","release/15.0.16.30","release/15.0.16.31","release/15.0.16.32","release/15.0.16.33","release/15.0.16.34","release/15.0.16.35","release/15.0.16.36","release/15.0.16.37","release/15.0.16.38","release/15.0.16.39","release/15.0.16.4","release/15.0.16.40","release/15.0.16.41","release/15.0.16.42","release/15.0.16.43","release/15.0.16.44","release/15.0.16.45","release/15.0.16.46","release/15.0.16.47","release/15.0.16.48","release/15.0.16.49","release/15.0.16.5","release/15.0.16.50","release/15.0.16.51","release/15.0.16.52","release/15.0.16.53","release/15.0.16.54","release/15.0.16.55","release/15.0.16.56","release/15.0.16.57","release/15.0.16.58","release/15.0.16.59","release/15.0.16.6","release/15.0.16.60","release/15.0.16.61","release/15.0.16.62","release/15.0.16.63","release/15.0.16.64","release/15.0.16.65","release/15.0.16.66","release/15.0.16.67","release/15.0.16.68","release/15.0.16.69","release/15.0.16.7","release/15.0.16.70","release/15.0.16.71","release/15.0.16.72","release/15.0.16.73","release/15.0.16.74","release/15.0.16.75","release/15.0.16.76","release/15.0.16.77","release/15.0.16.78","release/15.0.16.8","release/15.0.16.80","release/15.0.16.81","release/15.0.16.82","release/15.0.16.9","release/15.0.17","release/15.0.17.1","release/15.0.17.10","release/15.0.17.11","release/15.0.17.12","release/15.0.17.13","release/15.0.17.14","release/15.0.17.15","release/15.0.17.16","release/15.0.17.17","release/15.0.17.18","release/15.0.17.19","release/15.0.17.2","release/15.0.17.20","release/15.0.17.21","release/15.0.17.22","release/15.0.17.23","release/15.0.17.24","release/15.0.17.25","release/15.0.17.26","release/15.0.17.27","release/15.0.17.28","release/15.0.17.29","release/15.0.17.3","release/15.0.17.30","release/15.0.17.31","release/15.0.17.32","release/15.0.17.33","release/15.0.17.34","release/15.0.17.35","release/15.0.17.36","release/15.0.17.37","release/15.0.17.38","release/15.0.17.39","release/15.0.17.4","release/15.0.17.40","release/15.0.17.41","release/15.0.17.42","release/15.0.17.43","release/15.0.17.44","release/15.0.17.45","release/15.0.17.46","release/15.0.17.47","release/15.0.17.48","release/15.0.17.49","release/15.0.17.5","release/15.0.17.50","release/15.0.17.51","release/15.0.17.52","release/15.0.17.53","release/15.0.17.54","release/15.0.17.55","release/15.0.17.56","release/15.0.17.57","release/15.0.17.58","release/15.0.17.59","release/15.0.17.6","release/15.0.17.60","release/15.0.17.61","release/15.0.17.62","release/15.0.17.63","release/15.0.17.64","release/15.0.17.65","release/15.0.17.66","release/15.0.17.67","release/15.0.17.68","release/15.0.17.7","release/15.0.17.8","release/15.0.17.9","release/15.0.1alpha2","release/15.0.1alpha3","release/15.0.1beta1","release/15.0.1beta2","release/15.0.1beta3","release/15.0.2","release/15.0.2.1","release/15.0.2.10","release/15.0.2.11","release/15.0.2.12","release/15.0.2.13","release/15.0.2.14","release/15.0.2.15","release/15.0.2.16","release/15.0.2.2","release/15.0.2.3","release/15.0.2.4","release/15.0.2.5","release/15.0.2.6","release/15.0.2.7","release/15.0.2.8","release/15.0.2.9","release/15.0.3","release/15.0.4","release/15.0.5","release/15.0.5.1","release/15.0.5.11","release/15.0.5.12","release/15.0.5.13","release/15.0.5.14","release/15.0.5.2","release/15.0.5.3","release/15.0.5.6","release/15.0.5.7","release/15.0.5.8","release/15.0.5.9","release/15.0.6","release/15.0.6.1","release/15.0.6.11","release/15.0.6.12","release/15.0.6.13","release/15.0.6.14","release/15.0.6.15","release/15.0.6.16","release/15.0.6.17","release/15.0.6.18","release/15.0.6.2","release/15.0.6.3","release/15.0.6.4","release/15.0.6.5","release/15.0.6.6","release/15.0.6.7","release/15.0.6.8","release/15.0.6.9","release/15.0.7","release/15.0.8","release/15.0.8.1","release/15.0.9","release/16.0.10","release/16.0.10.1","release/16.0.10.10","release/16.0.10.11","release/16.0.10.12","release/16.0.10.13","release/16.0.10.14","release/16.0.10.15","release/16.0.10.16","release/16.0.10.17","release/16.0.10.18","release/16.0.10.19","release/16.0.10.2","release/16.0.10.20","release/16.0.10.21","release/16.0.10.22","release/16.0.10.23","release/16.0.10.24","release/16.0.10.25","release/16.0.10.26","release/16.0.10.27","release/16.0.10.28","release/16.0.10.29","release/16.0.10.3","release/16.0.10.30","release/16.0.10.31","release/16.0.10.32","release/16.0.10.33","release/16.0.10.34","release/16.0.10.35","release/16.0.10.36","release/16.0.10.37","release/16.0.10.38","release/16.0.10.39","release/16.0.10.4","release/16.0.10.40","release/16.0.10.41","release/16.0.10.42","release/16.0.10.43","release/16.0.10.44","release/16.0.10.45","release/16.0.10.46","release/16.0.10.47","release/16.0.10.48","release/16.0.10.49","release/16.0.10.5","release/16.0.10.50","release/16.0.10.51","release/16.0.10.6","release/16.0.10.7","release/16.0.10.8","release/16.0.10.9","release/16.0.11","release/16.0.12","release/16.0.13","release/16.0.14","release/16.0.15","release/16.0.16","release/16.0.17","release/16.0.18","release/16.0.19","release/16.0.19.1","release/16.0.19.2","release/16.0.19.3","release/16.0.19.4","release/16.0.19.5","release/16.0.19.6","release/16.0.20","release/16.0.21","release/16.0.21.1","release/16.0.21.10","release/16.0.21.11","release/16.0.21.12","release/16.0.21.13","release/16.0.21.14","release/16.0.21.15","release/16.0.21.16","release/16.0.21.17","release/16.0.21.18","release/16.0.21.19","release/16.0.21.2","release/16.0.21.20","release/16.0.21.21","release/16.0.21.3","release/16.0.21.4","release/16.0.21.5","release/16.0.21.6","release/16.0.21.7","release/16.0.21.8","release/16.0.21.9","release/16.0.22","release/16.0.23","release/16.0.24","release/16.0.25","release/16.0.26","release/16.0.27","release/16.0.28","release/16.0.29","release/16.0.3","release/16.0.30","release/16.0.31","release/16.0.32","release/16.0.33","release/16.0.34","release/16.0.35","release/16.0.36","release/16.0.37","release/16.0.38","release/16.0.39","release/16.0.4","release/16.0.5","release/16.0.6","release/16.0.7","release/16.0.8","release/16.0.9","release/2.11.0.0","release/2.11.0.0beta1.0","release/2.11.0.0beta1.1","release/2.11.0.0beta1.2","release/2.11.0.0beta1.3","release/2.11.0.0beta1.4","release/2.11.0.0beta1.5","release/2.11.0.0beta2.0","release/2.11.0.0beta2.1","release/2.11.0.0beta2.2","release/2.11.0.0beta2.3","release/2.11.0.0beta2.4","release/2.11.0.0beta2.5","release/2.11.0.0beta2.6","release/2.11.0.0beta2.8","release/2.11.0.0beta2.9","release/2.11.0.0rc1.0","release/2.11.0.0rc1.1","release/2.11.0.0rc1.2","release/2.11.0.0rc1.3","release/2.11.0.0rc1.4","release/2.11.0.0rc1.5","release/2.11.0.0rc1.7","release/2.11.0.1","release/2.11.0.10","release/2.11.0.11","release/2.11.0.2","release/2.11.0.3","release/2.11.0.4","release/2.11.0.5","release/2.11.0.6","release/2.11.0.7","release/2.11.0.8","release/2.11.0.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-43336.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}