exploitDog

CVE-2023-28441

Опубликовано: 24 мар. 2023

Источник: nvd

CVSS3: 8

CVSS3: 7.5

EPSS Низкий

Описание

smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly.

Ссылки

https://github.com/invernyx/smartcars-3-bugs/security/advisories/GHSA-fp42-c8g2-5jc7
Vendor Advisory
https://github.com/invernyx/smartcars-3-bugs/security/advisories/GHSA-fp42-c8g2-5jc7
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:invernyx:smartcars_3:*:*:*:*:*:*:*:*

Версия до 0.5.9 (исключая)

EPSS

Процентиль: 44%

0.00212

Низкий

8 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-532

EPSS

Процентиль: 44%

0.00212

Низкий

8 High

CVSS3

7.5 High

CVSS3

Дефекты

CWE-532

Уязвимость CVE-2023-28441