PT-2023-30428 · Unknown · Craft Members
Published
2023-11-09
·
Updated
2023-11-20
·
CVE-2023-47366
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
craft members version 13.6.1
Description
The issue allows remote attackers to send malicious notifications to victims due to the leakage of channel access token.
Recommendations
For version 13.6.1, consider restricting access to the
craft members module to minimize the risk of exploitation until a patch is available.Exploit
Fix
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Craft Members