PT-2023-23162 · Effectindex · Tripreporter

5Ht2 · Published 2023-05-08 · Updated 2023-05-15 · CVE-2023-31123

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

effectindex/tripreporter versions prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b

Description

The issue is an improper password verification vulnerability. It allows any user with a password matching the password requirements to log in as any user, potentially leading to unauthorized access to accounts and loss of user data.

Recommendations

For versions prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, update to this commit or newer as soon as possible. As a temporary workaround, someone running their own instance may apply the patch manually.

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2023-31123
GHSA-356R-RWP8-H6M6

Affected Products

Tripreporter