exploitDog

CVE-2023-4472

Опубликовано: 01 фев. 2024

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.

Ссылки

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0002.md
Third Party Advisory
https://www.objectplanet.com/opinio/changelog.html
Release Notes
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0002.md
Third Party Advisory
https://www.objectplanet.com/opinio/changelog.html
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:objectplanet:opinio:*:*:*:*:*:*:*:*

Версия до 7.23 (исключая)

EPSS

Процентиль: 31%

0.00116

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-335

CWE-335

Связанные уязвимости

GHSA-x62r-6wv3-49pm

CVSS3: 9.8

github

около 2 лет назад

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of any user on the application.

EPSS

Процентиль: 31%

0.00116

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-335

CWE-335