← Volver a CVEs
CVE-2023-28441
HIGH8.0
Descripcion
smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly.
Detalles CVE
Puntuacion CVSS v3.18.0
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/24/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
invernyx:smartcars_3
Debilidades (CWE)
CWE-532
Referencias
https://github.com/invernyx/smartcars-3-bugs/security/advisories/GHSA-fp42-c8g2-5jc7(security-advisories@github.com)
https://github.com/invernyx/smartcars-3-bugs/security/advisories/GHSA-fp42-c8g2-5jc7(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.