PT-2023-27091 · Unknown · Vision Meat Works Trackdiner10/10 Mc Line
Published
2023-10-24
·
Updated
2024-09-11
·
CVE-2023-39734
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
VISION MEAT WORKS TrackDiner10/10 mc Line version 13.6.1
Description
The leakage of the client secret allows attackers to obtain the channel access token and send crafted broadcast messages.
Recommendations
For version 13.6.1, consider restricting access to the channel access token to minimize the risk of exploitation. As a temporary workaround, avoid using the affected version until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vision Meat Works Trackdiner10/10 Mc Line