CVE-2023-4815 - Vulnerability Details - OpenCVE

ReportizFlow

Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Answer	Answer

Configuration 1 [-]

cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666
https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c

History

Thu, 26 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-09-07T06:26:09.174Z

Updated: 2024-09-26T19:25:34.623Z

Reserved: 2023-09-07T06:25:54.449Z

Link: CVE-2023-4815

Vulnrichment

Updated: 2024-08-02T07:38:00.728Z

NVD

Status : Modified

Published: 2023-09-07T07:15:08.747

Modified: 2024-11-21T08:36:01.793

Link: CVE-2023-4815

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4815", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntrdev", "dateReserved": "2023-09-07T06:25:54.449Z", "datePublished": "2023-09-07T06:26:09.174Z", "dateUpdated": "2024-09-26T19:25:34.623Z"}, "containers": {"cna": {"title": "Missing Authentication for Critical Function in answerdev/answer", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-09-07T06:26:09.174Z"}, "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3."}], "affected": [{"vendor": "answerdev", "product": "answerdev/answer", "versions": [{"version": "unspecified", "lessThan": "v1.1.3", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c"}, {"url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "baseScore": 8.3, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-306 Missing Authentication for Critical Function", "cweId": "CWE-306"}]}], "source": {"advisory": "4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.728Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c", "tags": ["x_transferred"]}, {"url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T19:25:22.895345Z", "id": "CVE-2023-4815", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:25:34.623Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c", "tags": ["x_transferred"]}, {"url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.728Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4815", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-26T19:25:22.895345Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T19:25:29.691Z"}}], "cna": {"title": "Missing Authentication for Critical Function in answerdev/answer", "source": {"advisory": "4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "answerdev", "product": "answerdev/answer", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "v1.1.3", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c"}, {"url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666"}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-09-07T06:26:09.174Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4815", "state": "PUBLISHED", "dateUpdated": "2024-09-26T19:25:34.623Z", "dateReserved": "2023-09-07T06:25:54.449Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-09-07T06:26:09.174Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*", "matchCriteriaId": "E54D63D0-16AA-42D4-93AA-0D09E0DE9700", "versionEndExcluding": "1.1.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3."}, {"lang": "es", "value": "Falta de Autenticaci\u00f3n para la Funci\u00f3n Cr\u00edtica en el repositorio de GitHub answerdev/answer antes de la versi\u00f3n 1.1.3."}], "id": "CVE-2023-4815", "lastModified": "2024-11-21T08:36:01.793", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-09-07T07:15:08.747", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666"}, {"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "[email protected]", "type": "Secondary"}]}