{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-47315", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T21:09:36.645Z", "dateReserved": "2023-11-06T00:00:00.000Z", "datePublished": "2023-11-22T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-11-30T21:09:03.491Z"}, "descriptions": [{"lang": "en", "value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application\u2019s JWT token and verify the incoming user-supplied tokens."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://boltonshield.com/en/cve/cve-2023-47315/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:09:36.645Z"}, "title": "CVE Program Container", "references": [{"url": "https://boltonshield.com/en/cve/cve-2023-47315/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:h-mdm:headwind_mdm:5.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "74956AFE-5BBC-40AA-97A4-61F4E2A595FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application\u2019s JWT token and verify the incoming user-supplied tokens."}, {"lang": "es", "value": "Headwind MDM Web panel 5.22.1 es vulnerable a un control de acceso incorrecto debido a un JWT Secret codificado."}], "id": "CVE-2023-47315", "lastModified": "2024-11-21T08:30:08.883", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-22T17:15:22.377", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://boltonshield.com/en/cve/cve-2023-47315/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://boltonshield.com/en/cve/cve-2023-47315/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}