Lucene search

GitHub Advisory DatabaseGHSA-G7GF-2RQW-5RWX

HistoryJan 29, 2023 - 6:30 p.m.

Publify contains Weak Password Requirements

2023-01-2918:30:31

CWE-521

GitHub Advisory Database

github.com

publify

weak password

github

security

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

26.7%

JSON

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10.

Affected configurations

Vulners

Node

publify_projectpublifyRange<9.2.10

CPENameOperatorVersion
publify_corelt9.2.10

CPE	Name	Operator	Version
	publify_core	lt	9.2.10

References

github.com/advisories/GHSA-g7gf-2rqw-5rwx

github.com/publify/publify/commit/8905e4e639cf03b758da558568a86c9816253b2d

github.com/rubysec/ruby-advisory-db/blob/master/gems/publify_core/CVE-2023-0569.yml

huntr.dev/bounties/81b1e1da-10dd-435e-94ae-4bdd41df6df9

nvd.nist.gov/vuln/detail/CVE-2023-0569

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

26.7%

JSON

Related for GHSA-G7GF-2RQW-5RWX