CVE-2023-32687

Name of the Vulnerable Software and Affected Versions tgstation-server versions 4.7.0 through 5.12.1

Description The issue allows instance users with the list chat bots permission to read chat bot connection strings without the required permission. This affects a significant number of devices, but the exact number is not specified. As a workaround, removing the list chat bots permission from users who should not have access to connection strings can mitigate the issue. It is also recommended to invalidate any previously stored credentials for safety.

Recommendations For versions 4.7.0 through 5.12.1, update to version 5.12.1 to resolve the issue. As a temporary workaround, consider removing the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety.