CVE-2023-32687

Опубликовано: 29 мая 2023

Источник: nvd

CVSS3: 7.7

CVSS3: 6.5

EPSS Низкий

Описание

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety.

Ссылки

https://github.com/tgstation/tgstation-server/pull/1487
Patch
https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.1
Release Notes
https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rv76-495p-g7cp
Vendor Advisory
https://github.com/tgstation/tgstation-server/pull/1487
Patch
https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.1
Release Notes
https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rv76-495p-g7cp
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tgstation13:tgstation-server:*:*:*:*:*:*:*:*

Версия от 4.7.0 (включая) до 5.12.1 (исключая)

EPSS

Процентиль: 37%

0.00157

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-522

EPSS

Процентиль: 37%

0.00157

Низкий

7.7 High

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-522