PT-2023-31619 · Unknown · Speckle Server

Fabis94 +1 · Published 2023-12-14 · Updated 2023-12-28 · CVE-2023-50713

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Speckle Server versions prior to 2.17.6
Description: The vulnerability affects users who authorized an application with the 'token write' scope or created a Personal Access Token (PAT) with the 'token write' scope. Using a token that holds only the 'token write' scope, a malicious actor could create further tokens carrying additional scopes, up to the full set of privileges already held by the token's owner; the server capped the new token by the user's privileges, not by the privileges of the token used to create it. This cannot be used to escalate a user's privileges beyond what that user already has, nor to grant privileges on behalf of other users.
Recommendations: Upgrade servers running versions prior to 2.17.6 to 2.17.6 or later. Review existing tokens and permanently revoke any that are unrecognized; then revoke the remaining tokens and issue new ones, and review account activity for signs of misuse.
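The following is an added illustration of the flaw class described above, written for this page; it is not Speckle Server code, and the function names, the `tokens:write` scope identifier and the sample user scopes are assumptions chosen to mirror the advisory's wording. It contrasts a token-creation check that caps the new token only by what the user owns (the vulnerable pattern) with one that also caps it by what the presenting token carries (the hardened pattern).

```javascript
// Illustrative model of "token write" scope escalation; NOT Speckle Server code.
// Scope names and the user's scope set below are constructed for the example.

const TOKENS_WRITE = "tokens:write"; // assumed identifier for the 'token write' scope

// Constructed sample: scopes a hypothetical user holds on the server.
const USER_SCOPES = new Set([
  "profile:read", "streams:read", "streams:write", "tokens:read", TOKENS_WRITE,
]);

// Authorization context a server might build from the presented bearer token.
// `scopes` is the set of scopes that token itself carries.
function makeContext(userId, scopes) {
  return { userId, scopes: new Set(scopes) };
}

// Vulnerable pattern: creation is gated on the presenting token having
// tokens:write and on the requested scopes being ones the user owns, but never
// on the scopes of the presenting token. A token carrying only tokens:write can
// therefore mint a new token with every scope the user has.
function createTokenVulnerable(ctx, requestedScopes) {
  if (!ctx.scopes.has(TOKENS_WRITE)) throw new Error("forbidden: tokens:write required");
  for (const s of requestedScopes) {
    if (!USER_SCOPES.has(s)) throw new Error(`forbidden: user lacks scope ${s}`);
  }
  return { owner: ctx.userId, scopes: [...requestedScopes] };
}

// Hardened pattern: the new token may carry only scopes that the presenting
// token already carries (and that the user owns), so delegation can only narrow
// privilege, never widen it back to the user's full set.
function createTokenHardened(ctx, requestedScopes) {
  if (!ctx.scopes.has(TOKENS_WRITE)) throw new Error("forbidden: tokens:write required");
  for (const s of requestedScopes) {
    if (!USER_SCOPES.has(s)) throw new Error(`forbidden: user lacks scope ${s}`);
    if (!ctx.scopes.has(s)) throw new Error(`forbidden: presenting token lacks scope ${s}`);
  }
  return { owner: ctx.userId, scopes: [...requestedScopes] };
}

// Runs one creation attempt and reports the outcome instead of throwing.
function attempt(fn, ctx, requested) {
  try {
    return { ok: true, scopes: fn(ctx, requested).scopes };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Scenario: a token that carries only tokens:write asks for streams:write,
// which the owning user holds but the token does not. A second case shows that
// neither variant lets a token exceed what the user owns, matching the advisory.
function demo() {
  const narrowToken = makeContext("user-1", [TOKENS_WRITE]);
  const wanted = ["streams:read", "streams:write"];
  return {
    vulnerable: attempt(createTokenVulnerable, narrowToken, wanted),
    hardened: attempt(createTokenHardened, narrowToken, wanted),
    beyondUser: attempt(createTokenVulnerable, narrowToken, ["server:setup"]),
    // Legitimate narrowing still works under the hardened check.
    narrowing: attempt(createTokenHardened,
      makeContext("user-1", [TOKENS_WRITE, "streams:read"]), ["streams:read"]),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Run with `node`: the vulnerable variant returns a token carrying `streams:write`, the hardened variant refuses it, the request for a scope the user does not own is refused by both, and a request that only narrows the presenting token's scopes still succeeds. When reviewing a token-issuing endpoint, the check to look for is the third one: requested scopes must be a subset of the caller's current token scopes, not merely of the account's.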


Weakness Enumeration

Related Identifiers

CVE-2023-50713
GHSA-XPF3-5Q5X-3QWH

Affected Products

Speckle Server