CVE-2023-50172

2024-01-1016:15:49

CWE-640

[email protected]

web.nvd.nist.gov

cve-2023-50172

recovery notification bypass

wwbn avideo

vulnerability

security

nvd

userrecoverpass.php

captcha validation

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user.

Affected configurations

Vulners

NVD

Node

wwbnavideoRange≤dev master commit 15fed957fb

VendorProductVersionCPE
wwbnavideo*cpe:2.3:a:wwbn:avideo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wwbn	avideo	*	cpe:2.3:a:wwbn:avideo::::::::

CNA Affected

[
  {
    "vendor": "WWBN",
    "product": "AVideo",
    "versions": [
      {
        "version": "dev master commit 15fed957fb",
        "status": "affected"
      }
    ]
  }
]