CVE-2023-50932

EPSS 0.05%
Veröffentlicht 09.01.2024 07:15:10
Zuletzt bearbeitet 06.01.2026 19:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Confluence, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Savignano ≫ S-notify SwPlatformconfluence Version < 4.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.162

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
cve@mitre.org	8.3	2.8	5.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://help.savignano.net/snotify-email-encryption/sa-2023-11-28

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50932

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50932

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50932

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-50932