CVE-2023-2590

CVSS v3.1

7.7

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions answerdev/answer versions prior to 1.0.9

Description The issue is related to missing authorization in the GitHub repository answerdev/answer. This can lead to a user rating their own answer as the best answer.

Recommendations For versions prior to 1.0.9, update to version 1.0.9 or later to resolve the issue.

Exploit

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-2590

GHSA-QMQW-R4X6-3W2Q

GO-2023-1774

Affected Products

Answer

CVE-2023-2590

Weakness Enumeration

Related Identifiers

Affected Products

References · 11