PT-2023-30712 · Answerdev · Answer

Published

2023-09-06

Updated

2024-08-21

CVE-2023-4815

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions answerdev/answer versions prior to v1.1.3

Description The issue is related to missing authentication for a critical function in the GitHub repository answerdev/answer. This could potentially allow unauthorized access to sensitive data or functions.

Recommendations For versions prior to v1.1.3, update to version v1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to critical functions until a patch is applied.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2023-4815

GHSA-PJ2H-85JQ-G5VG

GO-2023-2051

Affected Products

Answer

PT-2023-30712 · Answerdev · Answer

CVE-2023-4815

Weakness Enumeration

Related Identifiers

Affected Products

References · 13