PT-2023-23162 · Effectindex · Tripreporter

5Ht2 · Published 2023-05-08 · Updated 2023-05-15 · CVE-2023-31123

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: effectindex/tripreporter versions prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b

Description: The issue is an improper password verification vulnerability. It allows any user with a password matching the password requirements to log in as any user, potentially leading to account access and loss of the user's data.

Recommendations: For versions prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, update to this commit or newer as soon as possible. As a temporary workaround, anyone running their own instance may apply the patch manually.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-31123
GHSA-356R-RWP8-H6M6

Affected Products

Tripreporter