Lucene search

GoogleOSV:CVE-2023-49032

HistoryDec 21, 2023 - 12:15 a.m.

CVE-2023-49032

2023-12-2100:15:26

Google

osv.dev

ltb self service password

remote code execution

sensitive information hijack

sms verification

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

An issue in LTB Self Service Password before v.1.5.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via hijack of the SMS verification code function to arbitrary phone.

CPENameOperatorVersion
self-service-passwordeq1.5.1
self-service-passwordeq1.4
self-service-passwordeq0.9
self-service-passwordeq1.4.1
self-service-passwordeq1.1
self-service-passwordeq1.0
self-service-passwordeq1.5.2
self-service-passwordeq1.3
self-service-passwordeq1.5.3
self-service-passwordeq1.4.2

Name	Operator	Version
self-service-password	eq	1.5.1
self-service-password	eq	1.4
self-service-password	eq	0.9
self-service-password	eq	1.4.1
self-service-password	eq	1.1
self-service-password	eq	1.0
self-service-password	eq	1.5.2
self-service-password	eq	1.3
self-service-password	eq	1.5.3
self-service-password	eq	1.4.2

Rows per page:

1-10 of 121

References

github.com/ltb-project/self-service-password/issues/816

github.com/piuppi/Proof-of-Concepts/blob/main/ltb-project/README.md

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for OSV:CVE-2023-49032