← Zuruck zu CVEs
CVE-2023-40179
MEDIUM5.3
Beschreibung
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht8/25/2023
Zuletzt geandert11/21/2024
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
silverwaregames:silverwaregames
Schwachen (CWE)
CWE-204
Referenzen
https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-789j-chfj-58hr(security-advisories@github.com)
https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-789j-chfj-58hr(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.