GitHub Advisory Database: GHSA-8M5F-2XVP-2C8W
Jan 10, 2024 - 6:30 p.m.

WWBN AVideo recovery notification bypass vulnerability

2024-01-10 18:30:28
CWE-640
GitHub Advisory Database
github.com
Tags: avideo, recovery notification bypass, userrecoverpass.php, captcha validation, vulnerability, http request, user

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score: 7.3 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.1%)

A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can silently create a recovery pass code for any user.

Affected configurations

Vulners
Node: wwbn avideo, Range: 12.4

CPE Name      Operator   Version
wwbn/avideo   le         12.4
