PT-2022-16141 · Unknown · ArchiSteamFarm

Therhanderson · Published 2022-02-08 · Updated 2022-02-16 · CVE-2022-23627

CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ArchiSteamFarm versions V5.2.2.2 through V5.2.2.4

Description: The issue is caused by a bug in the ArchiSteamFarm (ASF) code, which fails to adequately verify the effective access of the user sending proxy commands. Specifically, a proxy-like command sent to one bot and targeting another bot has its user's access verified against the wrong bot. This allows access to resources beyond those configured, posing a security threat to the confidentiality of other bot instances. A successful attack requires significant access granted by the original owner of the ASF process, as the attacker must control at least one bot to exploit this loophole.

Recommendations: For ArchiSteamFarm versions V5.2.2.2 through V5.2.2.4, update to version V5.2.2.5, V5.2.3.2, or a future version as soon as possible to patch the issue. As a temporary workaround, consider restricting access to the [Bots] commands to minimize the risk of exploitation.
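The authorization mistake described above, reduced to a small model: the flawed handler checks the caller's access once, against the bot that received the proxy command, while the corrected handler makes every target bot check the caller against its own access table. This is an added illustration, not ASF's code; the `Bot` class, the `Access` levels and the `proxy_status_*` functions are hypothetical names chosen for the example.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Optional


class Access(IntEnum):
    """Hypothetical per-bot access levels (a model, not ASF's real enum)."""
    NONE = 0
    OPERATOR = 1
    MASTER = 2


@dataclass
class Bot:
    name: str
    # Each bot keeps its own access table: user id -> Access
    permissions: Dict[str, Access] = field(default_factory=dict)

    def access_of(self, user: str) -> Access:
        return self.permissions.get(user, Access.NONE)

    def status(self) -> str:
        return f"{self.name}: online"


def proxy_status_vulnerable(receiver: Bot, bots: Dict[str, Bot], user: str,
                            targets: List[str]) -> Optional[List[str]]:
    """Bug pattern: access is verified against the receiving bot only, then the
    command is fanned out to targets the user may have no access to."""
    if receiver.access_of(user) < Access.OPERATOR:
        return None
    return [bots[t].status() for t in targets if t in bots]


def proxy_status_fixed(receiver: Bot, bots: Dict[str, Bot], user: str,
                       targets: List[str]) -> List[str]:
    """Corrected pattern: each target bot checks the user against its own
    table; the receiving bot's opinion of the user is irrelevant."""
    results = []
    for name in targets:
        target = bots.get(name)
        if target is None or target.access_of(user) < Access.OPERATOR:
            continue  # not authorized on this particular bot: skip it
        results.append(target.status())
    return results


# Constructed sample: alice is an operator on bot_a only, nobody on bot_b.
BOTS = {
    "bot_a": Bot("bot_a", {"alice": Access.OPERATOR}),
    "bot_b": Bot("bot_b", {}),
}
```

Sending the proxy command to bot_a while targeting bot_b returns bot_b's status from the flawed handler and nothing from the corrected one, which is the confidentiality gap the advisory describes.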

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2022-23627
GHSA-88CH-366C-5M89

Affected Products

ArchiSteamFarm