231 matches found
CVE-2023-1974 Exposure of Sensitive Information Through Metadata in answerdev/answer
Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8...
CVE-2023-1975
The CVE-2023-1975 entry refers to an information-disclosure flaw in the open-source project answerdev/answer prior to version 1.0.8, where EXIF geolocation data is not stripped from user-uploaded logos. Multiple connected sources (CNVD/CNNVD, GHSA, OSV, NVD, CVE listings) corroborate that an atta...
CVE-2023-1976 Password Aging with Long Expiration in answerdev/answer
Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1975 Insertion of Sensitive Information Into Sent Data in answerdev/answer
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8...
Answerdev 1.0.3 Account Takeover
Exploit Title: Answerdev 1.0.3 - Account Takeover Date: Reported on Jan 24th 2023 Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp Vendor Homepage: https://answer.dev/ Software Link: https://github.com/answerdev/answer Version: 1.0.3 Tested on: Ubuntu 22.04 / Debian 11 CVE : CVE-2023-0744...
Answerdev 1.0.3 - Account Takeover
Exploit Title: Answerdev 1.0.3 - Account Takeover Date: Reported on Jan 24th 2023 Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp Vendor Homepage: https://answer.dev/ Software Link: https://github.com/answerdev/answer Version: 1.0.3 Tested on: Ubuntu 22.04 / Debian 11 CVE : CVE-2023-0744...
Answerdev 1.0.3 - Account Takeover Exploit
Exploit Title: Answerdev 1.0.3 - Account Takeover Exploit Author: Eduardo Pérez-Malumbres Cervera @blueudp Vendor Homepage: https://answer.dev/ Software Link: https://github.com/answerdev/answer Version: 1.0.3 Tested on: Ubuntu 22.04 / Debian 11 CVE : CVE-2023-0744 from sys import argv import...
Answer vulnerable to Stored Cross-site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7...
CVE-2023-1542
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1543
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1540
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1535
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7...
Session fixation
Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1539
CVE-2023-1539 affects the GitHub repository answerdev/answer: versions prior to 1.0.6 have an improper restriction of excessive authentication attempts and a guessable CAPTCHA. Root cause: insufficient controls on repeated authentication attempts (exact technical details not expanded beyond what...
CVE-2023-1543
CVE-2023-1543 describes an Insufficient Session Expiration vulnerability in the open‑source knowledge base software github.com/answerdev/answer prior to version 1.0.6. The root cause is an access control weakness where a token could be reused or not invalidated after logout, enabling unauthorized...
PT-2023-17063 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.6 Description: The issue concerns Business Logic Errors in the GitHub repository answerdev/answer. There is no information provided about the estimated number of potentially affected devices worldwide or...
PT-2023-17062 · Answerdev · Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.6 Description: The issue concerns Business Logic Errors in the GitHub repository answerdev/answer. Recommendations: For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue...
CVE-2023-1539 Improper Restriction of Excessive Authentication Attempts in answerdev/answer
Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6...