CVE-2023-1975 - Vulnerability Details - OpenCVE

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00061.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Answer	Answer

Configuration 1 [-]

cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-1212	Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.
Github GHSA	GHSA-65v8-6pvw-jwvq	Answer vulnerable to Insertion of Sensitive Information Into Sent Data

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a
https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff

History

Fri, 07 Feb 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-04-11T00:00:00.000Z

Updated: 2025-02-07T17:14:37.065Z

Reserved: 2023-04-11T00:00:00.000Z

Link: CVE-2023-1975

Vulnrichment

Updated: 2024-08-02T06:05:27.090Z

NVD

Status : Modified

Published: 2023-04-11T10:15:18.037

Modified: 2024-11-21T07:40:15.827

Link: CVE-2023-1975

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-1975", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "dateUpdated": "2025-02-07T17:14:37.065Z", "dateReserved": "2023-04-11T00:00:00.000Z", "datePublished": "2023-04-11T00:00:00.000Z"}, "containers": {"cna": {"title": "Insertion of Sensitive Information Into Sent Data in answerdev/answer", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-04-11T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8."}], "affected": [{"vendor": "answerdev", "product": "answerdev/answer", "versions": [{"version": "unspecified", "lessThan": "1.0.8", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff"}, {"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-201 Insertion of Sensitive Information Into Sent Data", "cweId": "CWE-201"}]}], "source": {"advisory": "829cab7a-4ed7-465c-aa96-29f4f73dbfff", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:27.090Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff", "tags": ["x_transferred"]}, {"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-07T17:14:18.314046Z", "id": "CVE-2023-1975", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T17:14:37.065Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff", "tags": ["x_transferred"]}, {"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:27.090Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1975", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-07T17:14:18.314046Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-07T17:14:03.591Z"}}], "cna": {"title": "Insertion of Sensitive Information Into Sent Data in answerdev/answer", "source": {"advisory": "829cab7a-4ed7-465c-aa96-29f4f73dbfff", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "answerdev", "product": "answerdev/answer", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.0.8", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff"}, {"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"}], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-201", "description": "CWE-201 Insertion of Sensitive Information Into Sent Data"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-04-11T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1975", "state": "PUBLISHED", "dateUpdated": "2025-02-07T17:14:37.065Z", "dateReserved": "2023-04-11T00:00:00.000Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-04-11T00:00:00.000Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4BF738D-18A6-4996-8D3A-D56829F96F93", "versionEndExcluding": "1.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8."}], "id": "CVE-2023-1975", "lastModified": "2024-11-21T07:40:15.827", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-11T10:15:18.037", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch"], "url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-201"}], "source": "security@huntr.dev", "type": "Secondary"}]}