Lucene search

[email protected]CVE-2023-50477

HistoryDec 21, 2023 - 11:15 a.m.

CVE-2023-50477

2023-12-2111:15:08

[email protected]

web.nvd.nist.gov

cve-2023-50477

issue

nos client

privilege escalation

getrpcendpoint.js

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.0%

JSON

An issue was discovered in nos client version 0.6.6, allows remote attackers to escalate privileges via getRPCEndpoint.js.

Affected configurations

NVD

Node

nosnos_clientMatch0.6.6

CPENameOperatorVersion
nos:nos_clientnos nos clienteq0.6.6

CPE	Name	Operator	Version
nos:nos_client	nos nos client	eq	0.6.6

References

github.com/nos/client/issues/1485

github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50477.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

51.0%

JSON

Related for CVE-2023-50477

osv1 nvd1 prion1 cvelist1