exploitDog

CVE-2023-50974

Опубликовано: 09 янв. 2024

Источник: nvd

CVSS3: 5.5

EPSS Низкий

Описание

In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials.

Ссылки

https://appwrite.io/docs/tooling/command-line/installation
Product
https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d
Exploit
Third Party Advisory
https://appwrite.io/docs/tooling/command-line/installation
Product
https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:appwrite:command_line_interface:*:*:*:*:*:*:*:*

Версия до 3.0.0 (исключая)

EPSS

Процентиль: 5%

0.00022

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-798

CWE-798

Связанные уязвимости

GHSA-g777-crp9-m27g

CVSS3: 5.5

github

около 2 лет назад

Apprite CLI makes Use of Hard-coded Credentials

EPSS

Процентиль: 5%

0.00022

Низкий

5.5 Medium

CVSS3

Дефекты

CWE-798

CWE-798