CVE-2023-40735 - OpenCVE

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Butterfly-button	Butterfly Button

Configuration 1 [-]

cpe:2.3:a:butterfly-button:butterfly_button:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://butterfly-button.web.app/
https://github.com/TheButterflyButton
https://github.com/TheButterflySDK
https://github.com/VULSecLabs/Vulnerabilities/blob/main/CVE/CVE-2023-40735.md
https://www.butterfly-button.com/
https://www.vulsec.org/advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: VULSec

Published: 2023-08-21T11:35:44.087Z

Updated: 2024-08-02T18:38:51.165Z

Reserved: 2023-08-21T11:18:05.563Z

Link: CVE-2023-40735

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-08-21T12:15:09.410

Modified: 2023-11-07T04:20:21.290

Link: CVE-2023-40735

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40735", "assignerOrgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "state": "PUBLISHED", "assignerShortName": "VULSec", "dateReserved": "2023-08-21T11:18:05.563Z", "datePublished": "2023-08-21T11:35:44.087Z", "dateUpdated": "2024-08-02T18:38:51.165Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/TheButterflySDK", "defaultStatus": "affected", "modules": ["Architecture"], "product": "BUTTERFLY BUTTON", "vendor": "BUTTERFLY BUTTON PROJECT", "versions": [{"status": "affected", "version": "As of 2023-08-21"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality.</span><br><span style=\"background-color: rgb(255, 255, 255);\">This issue affects BUTTERFLY BUTTON: As of 2023-08-21.</span><br>"}], "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality.\nThis issue affects BUTTERFLY BUTTON: As of 2023-08-21.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "shortName": "VULSec", "dateUpdated": "2023-08-22T06:12:04.222Z"}, "references": [{"url": "https://www.vulsec.org/advisories"}, {"url": "https://github.com/VULSecLabs/Vulnerabilities/blob/main/CVE/CVE-2023-40735.md"}, {"url": "https://butterfly-button.web.app/"}, {"url": "https://github.com/TheButterflyButton"}, {"url": "https://github.com/TheButterflySDK"}, {"url": "https://www.butterfly-button.com/"}], "source": {"advisory": "VSL-2023-8", "discovery": "EXTERNAL"}, "title": "Butterfly Button Project - Sensitive Information Disclosure", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:51.165Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.vulsec.org/advisories", "tags": ["x_transferred"]}, {"url": "https://github.com/VULSecLabs/Vulnerabilities/blob/main/CVE/CVE-2023-40735.md", "tags": ["x_transferred"]}, {"url": "https://butterfly-button.web.app/", "tags": ["x_transferred"]}, {"url": "https://github.com/TheButterflyButton", "tags": ["x_transferred"]}, {"url": "https://github.com/TheButterflySDK", "tags": ["x_transferred"]}, {"url": "https://www.butterfly-button.com/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:butterfly-button:butterfly_button:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B0845C2-B07A-4C73-A0EB-76E77A417689", "versionEndIncluding": "2023-08-21", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality.\nThis issue affects BUTTERFLY BUTTON: As of 2023-08-21.\n"}], "id": "CVE-2023-40735", "lastModified": "2023-11-07T04:20:21.290", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "type": "Secondary"}]}, "published": "2023-08-21T12:15:09.410", "references": [{"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "url": "https://butterfly-button.web.app/"}, {"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "url": "https://github.com/TheButterflyButton"}, {"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "url": "https://github.com/TheButterflySDK"}, {"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "url": "https://github.com/VULSecLabs/Vulnerabilities/blob/main/CVE/CVE-2023-40735.md"}, {"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "url": "https://www.butterfly-button.com/"}, {"source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "url": "https://www.vulsec.org/advisories"}], "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "type": "Secondary"}]}