Cbot / Cbot Core

6 matches found

CVE
added 2023/05/25 8:28 a.m. | 58 views

CVE-2023-2885

CVE-2023-2885 affects CBOT Chatbot: improper enforcement of message integrity during transmission in a non-endpoint channel, enabling adversary-in-the-middle (AiTM) attacks. Affected: Core before v4.0.3.4 and Panel before v4.0.3.7. Exploitation status not stated in the provided docs. Remediation:...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.00297

CVE
added 2023/05/25 8:31 a.m. | 54 views

CVE-2023-2886

The CVE-2023-2886 entry concerns CBOT Chatbot core software and its WebSockets origin validation. Affected: CBOT Chatbot Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. Root cause: Missing Origin Validation in WebSockets, enabling content spoofing via application API manipulation. Impact:...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00208

CVE
added 2023/05/25 8:18 a.m. | 50 views

CVE-2023-2882

CVE-2023-2882 affects CBOT Chatbot Core before v4.0.3.4 and Panel before v4.0.3.7. The issue is the generation of incorrect security tokens, which allows token impersonation and privilege abuse (privilege escalation). Affected components: Core token generation and Panel handling. Reported impact ...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.0064

CVE
added 2023/05/25 8:33 a.m. | 48 views

CVE-2023-2887

Summary: CVE-2023-2887 is an authentication bypass by spoofing affecting CBOT Chatbot Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. The vulnerability allows unauthorized access by spoofing authentication. The NVD/related records assign a high impact with CVSS v3.1 scores of 9.8 (NETWORK, HI...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00765

CVE
added 2023/05/25 8:20 a.m. | 46 views

CVE-2023-2883

The CVE-2023-2883 issue affects CBOT Chatbot Core prior to v4.0.3.4 and Panel prior to v4.0.3.7, described as an Authorization Bypass through a User-Controlled Key that enables Authentication Abuse. The vulnerability is documented across sources (NVD entry and CVE records) with a CVSS v3.1 base s...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00683

CVE
added 2023/05/25 8:26 a.m. | 41 views

CVE-2023-2884

CVE-2023-2884 concerns CBOT Chatbot’s cryptographically weak PRNG and insufficiently random values, enabling signature spoofing by key recreation. Public details indicate affected components: Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. The vulnerability resides in the randomness used for ...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.00692