Lucene search

[email protected]CVE-2023-33981

HistoryMay 24, 2023 - 6:15 p.m.

CVE-2023-33981

2023-05-2418:15:10

CWE-354

[email protected]

web.nvd.nist.gov

cve-2023-33981

briar

message spoofing

blog

forum

private group

security vulnerability

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

Briar before 1.4.22 allows attackers to spoof other users’ messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.

CPENameOperatorVersion
briarproject:briarbriarproject briarlt1.4.22
briarproject:briarbriarproject briareq1.0.11
briarproject:briarbriarproject briareq1.4.4
briarproject:briarbriarproject briareq1.3.3
briarproject:briarbriarproject briareq1.3.4
briarproject:briarbriarproject briareq1.4.17
briarproject:briarbriarproject briareq1.4.7
briarproject:briarbriarproject briareq1.1.3
briarproject:briarbriarproject briareq1.3.2
briarproject:briarbriarproject briareq1.2.8

CPE	Name	Operator	Version
briarproject:briar	briarproject briar	lt	1.4.22
briarproject:briar	briarproject briar	eq	1.0.11
briarproject:briar	briarproject briar	eq	1.4.4
briarproject:briar	briarproject briar	eq	1.3.3
briarproject:briar	briarproject briar	eq	1.3.4
briarproject:briar	briarproject briar	eq	1.4.17
briarproject:briar	briarproject briar	eq	1.4.7
briarproject:briar	briarproject briar	eq	1.1.3
briarproject:briar	briarproject briar	eq	1.3.2
briarproject:briar	briarproject briar	eq	1.2.8

Rows per page:

1-10 of 661

References

briarproject.org/news/2023-three-security-issues-found-and-fixed/

ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_YuanmingSong.pdf

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

6.3 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVE-2023-33981

prion1