Lucene search
GoogleOSV:GHSA-4946-85PR-FVXHHistoryMar 15, 2024 - 4:42 p.m.
vantage6's CORS settings overly permissive
2024-03-1516:42:55
Google
osv.dev
9
vantage6
server
cors
settings
permissive
limited impact
session cookies
CVSS3
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
Impact
The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server.
The impact is limited because v6 does not use session cookies
Patches
No
Workarounds
No
Related
cvelist
cvelist
CVE-2024-23823 CORS settings overly permissive in vantage6
2024-03-14 18:47:50
osv
osv
CVE-2024-23823
2024-03-14 19:15:49
veracode
veracode
Insecure CORS Configuration
2024-03-18 06:26:19
nvd
nvd
CVE-2024-23823
2024-03-14 19:15:49
github
github
vantage6's CORS settings overly permissive
2024-03-15 16:42:55
cve
cve
CVE-2024-23823
2024-03-14 19:15:49
vulnrichment
vulnrichment
CVE-2024-23823 CORS settings overly permissive in vantage6
2024-03-14 18:47:50
CVSS3
4.2
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
AI Score
7
Confidence
High
EPSS
0
Percentile
9.0%
Related for OSV:GHSA-4946-85PR-FVXH