CVE-2023-38040 - Vulnerability Details

Vendors	Products
Revive-adserver	Revive Adserver

Link	Providers
https://hackerone.com/reports/1694171

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-38040", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2023-07-12T01:00:11.881Z", "datePublished": "2023-09-17T04:41:38.080Z", "dateUpdated": "2024-09-25T13:54:24.631Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Revive", "product": "Revive Adserver", "versions": [{"version": "5.4.1", "status": "affected", "lessThanOrEqual": "5.4.1", "versionType": "semver"}]}], "references": [{"url": "https://hackerone.com/reports/1694171"}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-09-17T04:41:38.080Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:12.371Z"}, "title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/1694171", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T13:53:47.391498Z", "id": "CVE-2023-38040", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T13:54:24.631Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-38040 (string)

assignerOrgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

state : PUBLISHED (string)

assignerShortName : hackerone (string)

dateReserved : 2023-07-12T01:00:11.881Z (string)

datePublished : 2023-09-17T04:41:38.080Z (string)

dateUpdated : 2024-09-25T13:54:24.631Z (string)

}

containers : { »

cna : { »

descriptions : [ »

0 : { »

lang : en (string)

value : A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. (string)

}

]

affected : [ »

0 : { »

defaultStatus : unaffected (string)

vendor : Revive (string)

product : Revive Adserver (string)

versions : [ »

0 : { »

version : 5.4.1 (string)

status : affected (string)

lessThanOrEqual : 5.4.1 (string)

versionType : semver (string)

}

]

}

]

references : [ »

0 : { »

url : https://hackerone.com/reports/1694171 (string)

}

]

providerMetadata : { »

orgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

shortName : hackerone (string)

dateUpdated : 2023-09-17T04:41:38.080Z (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:30:12.371Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://hackerone.com/reports/1694171 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-09-25T13:53:47.391498Z (string)

id : CVE-2023-38040 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-25T13:54:24.631Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://hackerone.com/reports/1694171", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:30:12.371Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-38040", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-25T13:53:47.391498Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T13:53:56.781Z"}}], "cna": {"affected": [{"vendor": "Revive", "product": "Revive Adserver", "versions": [{"status": "affected", "version": "5.4.1", "versionType": "semver", "lessThanOrEqual": "5.4.1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://hackerone.com/reports/1694171"}], "descriptions": [{"lang": "en", "value": "A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-09-17T04:41:38.080Z"}}}, "cveMetadata": {"cveId": "CVE-2023-38040", "state": "PUBLISHED", "dateUpdated": "2024-09-25T13:54:24.631Z", "dateReserved": "2023-07-12T01:00:11.881Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2023-09-17T04:41:38.080Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://hackerone.com/reports/1694171 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T17:30:12.371Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-38040 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-25T13:53:47.391498Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-25T13:53:56.781Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : Revive (string)

product : Revive Adserver (string)

versions : [ »

0 : { »

status : affected (string)

version : 5.4.1 (string)

versionType : semver (string)

lessThanOrEqual : 5.4.1 (string)

}

]

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://hackerone.com/reports/1694171 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. (string)

}

]

providerMetadata : { »

orgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

shortName : hackerone (string)

dateUpdated : 2023-09-17T04:41:38.080Z (string)

}

cveMetadata : { »

cveId : CVE-2023-38040 (string)

state : PUBLISHED (string)

dateUpdated : 2024-09-25T13:54:24.631Z (string)

dateReserved : 2023-07-12T01:00:11.881Z (string)

assignerOrgId : 36234546-b8fa-4601-9d6f-f4e334aa8ea1 (string)

datePublished : 2023-09-17T04:41:38.080Z (string)

assignerShortName : hackerone (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4105460-20E1-45B8-80B1-DA8041D6B7B1", "versionEndIncluding": "5.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.."}, {"lang": "es", "value": "Existe una vulnerabilidad XSS Reflejada en Revive Adserver 5.4.1 y versiones anteriores."}], "id": "CVE-2023-38040", "lastModified": "2024-11-21T08:12:43.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-17T05:15:10.213", "references": [{"source": "support@hackerone.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://hackerone.com/reports/1694171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://hackerone.com/reports/1694171"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D4105460-20E1-45B8-80B1-DA8041D6B7B1 (string)

versionEndIncluding : 5.4.1 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. (string)

}

1 : { »

lang : es (string)

value : Existe una vulnerabilidad XSS Reflejada en Revive Adserver 5.4.1 y versiones anteriores. (string)

}

]

id : CVE-2023-38040 (string)

lastModified : 2024-11-21T08:12:43.633 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 6.1 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : NONE (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-09-17T05:15:10.213 (string)

references : [ »

0 : { »

source : support@hackerone.com (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Third Party Advisory (string)

]

url : https://hackerone.com/reports/1694171 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Issue Tracking (string)

2 : Third Party Advisory (string)

]

url : https://hackerone.com/reports/1694171 (string)

}

]

sourceIdentifier : support@hackerone.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object