Lucene search

[email protected]NVD:CVE-2023-46754

HistoryOct 26, 2023 - 5:15 a.m.

CVE-2023-46754

2023-10-2605:15:26

CWE-863

[email protected]

web.nvd.nist.gov

obl.ong

admin panel

authorization bypass

email otp

numerical values

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.

Affected configurations

Nvd

Node

obl.ongadminRange<1.1.2

VendorProductVersionCPE
obl.ongadmin*cpe:2.3:a:obl.ong:admin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
obl.ong	admin	*	cpe:2.3:a:obl.ong:admin::::::::

References

github.com/obl-ong/admin/releases/tag/v1.1.2

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

Related for NVD:CVE-2023-46754

cve1 cvelist1 vulnrichment1 osv1 prion1