{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-50172", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-12-06T18:44:23.364Z", "datePublished": "2024-01-10T15:48:08.638Z", "dateUpdated": "2024-08-02T22:09:49.703Z"}, "containers": {"cna": {"affected": [{"vendor": "WWBN", "product": "AVideo", "versions": [{"version": "dev master commit 15fed957fb", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password", "type": "CWE", "cweId": "CWE-640"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-01-12T17:23:11.253Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897"}], "credits": [{"lang": "en", "value": "Discovered by Claudio Bozzato of Cisco Talos."}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:09:49.703Z"}, "title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wwbn:avideo:15fed957fb:*:*:*:*:*:*:*", "matchCriteriaId": "4199C617-A976-4F18-ADD2-C26A5B046CC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user."}, {"lang": "es", "value": "Existe una vulnerabilidad de omisi\u00f3n de notificaci\u00f3n de recuperaci\u00f3n en la funcionalidad de validaci\u00f3n de captcha userRecoverPass.php de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede dar lugar a la creaci\u00f3n silenciosa de un c\u00f3digo de acceso de recuperaci\u00f3n para cualquier usuario."}], "id": "CVE-2023-50172", "lastModified": "2024-01-18T14:28:59.977", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Primary"}]}, "published": "2024-01-10T16:15:49.583", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1897"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-640"}], "source": "talos-cna@cisco.com", "type": "Primary"}]}

{}