Lucene search

[email protected]NVD:CVE-2023-49589

HistoryJan 10, 2024 - 4:15 p.m.

CVE-2023-49589

2024-01-1016:15:48

CWE-640

[email protected]

web.nvd.nist.gov

insufficient entropy

userrecoverpass.php

avideo

arbitrary user password recovery

http request

vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability.

Affected configurations

Nvd

Node

wwbnavideoMatch15fed957fb

VendorProductVersionCPE
wwbnavideo15fed957fbcpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wwbn	avideo	15fed957fb	cpe:2.3:a:wwbn:avideo:15fed957fb:::::::*

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1896

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

Related for NVD:CVE-2023-49589

prion1 talos1 cve1 cvelist1 talosblog1