CVE-2023-0744

high-risk
Published 2023-02-08

Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.

Do I need to act?

~
8.5% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
51257
+
Fix available
Upgrade to: 10b59e0e27c95f3520ac979bdc58ddaedb6aaaa0, c1fa2b13f6b547b96da60b23350bbe2b29de542d
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Answer

References (6)

http://packetstormsecurity.com/files/171733/Answerdev-1.0.3-Account-Takeover.htm...
Patch https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de5...
Exploit https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434
http://packetstormsecurity.com/files/171733/Answerdev-1.0.3-Account-Takeover.htm...
Patch https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de5...
Exploit https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434
54
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 17/34 · Moderate
Exposure 5/34 · Minimal