CVE-2023-23911

EPSS 0.12%
Veröffentlicht 10.03.2023 22:15:10
Zuletzt bearbeitet 21.11.2024 07:47:05
Quelle support@hackerone.com
CVE-Watchlists
Login
Unerledigt
Login

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Rocket.Chat ≫ Rocket.Chat Version < 6.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.31

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://hackerone.com/reports/1757663

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-23911

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-23911

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-23911

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-23911