Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
68 vulnerabilities found for answerdev/answer by answerdev
CVE-2023-4815 (GCVE-0-2023-4815)
Vulnerability from cvelistv5 – Published: 2023-09-07 06:26 – Updated: 2024-09-26 19:25
VLAI
Title
Missing Authentication for Critical Function in answerdev/answer
Summary
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.
Severity
8.3 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4815",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:25:22.895345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:25:34.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T06:26:09.174Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c"
},
{
"url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666"
}
],
"source": {
"advisory": "4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c",
"discovery": "EXTERNAL"
},
"title": "Missing Authentication for Critical Function in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4815",
"datePublished": "2023-09-07T06:26:09.174Z",
"dateReserved": "2023-09-07T06:25:54.449Z",
"dateUpdated": "2024-09-26T19:25:34.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4127 (GCVE-0-2023-4127)
Vulnerability from cvelistv5 – Published: 2023-08-03 03:20 – Updated: 2024-10-10 20:15
VLAI
Title
Race Condition within a Thread in answerdev/answer
Summary
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-366 - Race Condition within a Thread
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.1
(custom)
|
|
| answer | answer |
Affected:
0 , < 1.1.1
(custom)
cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "answer",
"vendor": "answer",
"versions": [
{
"lessThan": "1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4127",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:08:48.637544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:15:44.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-366",
"description": "CWE-366 Race Condition within a Thread",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T03:20:57.777Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba"
},
{
"url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182"
}
],
"source": {
"advisory": "cf7d19e3-1318-4c77-8366-d8d04a0b41ba",
"discovery": "EXTERNAL"
},
"title": "Race Condition within a Thread in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4127",
"datePublished": "2023-08-03T03:20:57.777Z",
"dateReserved": "2023-08-03T03:20:46.192Z",
"dateUpdated": "2024-10-10T20:15:44.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4126 (GCVE-0-2023-4126)
Vulnerability from cvelistv5 – Published: 2023-08-03 03:08 – Updated: 2024-10-10 20:16
VLAI
Title
Insufficient Session Expiration in answerdev/answer
Summary
Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.
Severity
4.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.0
(custom)
|
|
| answer | answer |
Affected:
0 , < 1.1.0
(custom)
cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/4f468b58d0dea51290bfbdd3e96332b0014c8730"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "answer",
"vendor": "answer",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4126",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:09:00.657564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:16:50.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T03:08:57.887Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5"
},
{
"url": "https://github.com/answerdev/answer/commit/4f468b58d0dea51290bfbdd3e96332b0014c8730"
}
],
"source": {
"advisory": "7f50bf1c-bcb9-46ca-8cec-211493d280c5",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4126",
"datePublished": "2023-08-03T03:08:57.887Z",
"dateReserved": "2023-08-03T03:08:53.069Z",
"dateUpdated": "2024-10-10T20:16:50.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4125 (GCVE-0-2023-4125)
Vulnerability from cvelistv5 – Published: 2023-08-03 03:06 – Updated: 2024-10-10 20:21
VLAI
Title
Weak Password Requirements in answerdev/answer
Summary
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.0
(custom)
|
|
| answer | answer |
Affected:
0 , < 1.1.0
(custom)
cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/85bfd18f-8d3b-4154-8b7b-1f8fcf704e28"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/7d23b17cdbbefcd2e7b5c3150f0b5ec908dc835f"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "answer",
"vendor": "answer",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4125",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:09:22.653630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:21:47.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T03:06:49.367Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/85bfd18f-8d3b-4154-8b7b-1f8fcf704e28"
},
{
"url": "https://github.com/answerdev/answer/commit/7d23b17cdbbefcd2e7b5c3150f0b5ec908dc835f"
}
],
"source": {
"advisory": "85bfd18f-8d3b-4154-8b7b-1f8fcf704e28",
"discovery": "EXTERNAL"
},
"title": "Weak Password Requirements in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4125",
"datePublished": "2023-08-03T03:06:49.367Z",
"dateReserved": "2023-08-03T03:06:44.157Z",
"dateUpdated": "2024-10-10T20:21:47.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4124 (GCVE-0-2023-4124)
Vulnerability from cvelistv5 – Published: 2023-08-03 03:05 – Updated: 2024-10-10 20:22
VLAI
Title
Missing Authorization in answerdev/answer
Summary
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.1
(custom)
|
|
| answer | answer |
Affected:
0 , < 1.1.1
(custom)
cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2c684f99-d181-4106-8ee2-64a76ae6a348"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/964195fd859ee5d7171fac847374dfa31893e793"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "answer",
"vendor": "answer",
"versions": [
{
"lessThan": "1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4124",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:09:40.229758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:22:32.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T03:05:32.060Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2c684f99-d181-4106-8ee2-64a76ae6a348"
},
{
"url": "https://github.com/answerdev/answer/commit/964195fd859ee5d7171fac847374dfa31893e793"
}
],
"source": {
"advisory": "2c684f99-d181-4106-8ee2-64a76ae6a348",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4124",
"datePublished": "2023-08-03T03:05:32.060Z",
"dateReserved": "2023-08-03T03:05:20.405Z",
"dateUpdated": "2024-10-10T20:22:32.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2590 (GCVE-0-2023-2590)
Vulnerability from cvelistv5 – Published: 2023-05-09 00:00 – Updated: 2025-01-28 19:50
VLAI
Title
Missing Authorization in answerdev/answer
Summary
Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.
Severity
7.7 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a4238a30-3ddb-4415-9055-e179c3d4dea7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/51ac1e6b76ae9ab3ca2008ca4819c0cc3bd2fcd3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2590",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T19:50:44.290276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T19:50:54.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a4238a30-3ddb-4415-9055-e179c3d4dea7"
},
{
"url": "https://github.com/answerdev/answer/commit/51ac1e6b76ae9ab3ca2008ca4819c0cc3bd2fcd3"
}
],
"source": {
"advisory": "a4238a30-3ddb-4415-9055-e179c3d4dea7",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2590",
"datePublished": "2023-05-09T00:00:00.000Z",
"dateReserved": "2023-05-09T00:00:00.000Z",
"dateUpdated": "2025-01-28T19:50:54.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1976 (GCVE-0-2023-1976)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-07 17:13
VLAI
Title
Password Aging with Long Expiration in answerdev/answer
Summary
Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-263 - Password Aging with Long Expiration
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:27.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/469bcabf-b315-4750-b63c-82ac86d153de"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T17:13:50.032592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:13:55.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-263",
"description": "CWE-263 Password Aging with Long Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"url": "https://huntr.dev/bounties/469bcabf-b315-4750-b63c-82ac86d153de"
}
],
"source": {
"advisory": "469bcabf-b315-4750-b63c-82ac86d153de",
"discovery": "EXTERNAL"
},
"title": "Password Aging with Long Expiration in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1976",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-04-11T00:00:00.000Z",
"dateUpdated": "2025-02-07T17:13:55.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1975 (GCVE-0-2023-1975)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-07 17:14
VLAI
Title
Insertion of Sensitive Information Into Sent Data in answerdev/answer
Summary
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:27.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T17:14:18.314046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:14:37.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff"
},
{
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
}
],
"source": {
"advisory": "829cab7a-4ed7-465c-aa96-29f4f73dbfff",
"discovery": "EXTERNAL"
},
"title": "Insertion of Sensitive Information Into Sent Data in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1975",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-04-11T00:00:00.000Z",
"dateUpdated": "2025-02-07T17:14:37.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1974 (GCVE-0-2023-1974)
Vulnerability from cvelistv5 – Published: 2023-04-11 00:00 – Updated: 2025-02-07 17:14
VLAI
Title
Exposure of Sensitive Information Through Metadata in answerdev/answer
Summary
Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8.
Severity
7.7 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1230 - Exposure of Sensitive Information Through Metadata
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:27.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/852781c6-9cc8-4d25-9336-bf3cb8ee3439"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1974",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T17:14:51.823042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:14:55.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230 Exposure of Sensitive Information Through Metadata",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
},
{
"url": "https://huntr.dev/bounties/852781c6-9cc8-4d25-9336-bf3cb8ee3439"
}
],
"source": {
"advisory": "852781c6-9cc8-4d25-9336-bf3cb8ee3439",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information Through Metadata in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1974",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-04-11T00:00:00.000Z",
"dateUpdated": "2025-02-07T17:14:55.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1535 (GCVE-0-2023-1535)
Vulnerability from cvelistv5 – Published: 2023-03-21 00:00 – Updated: 2025-02-25 21:14
VLAI
Title
Cross-site Scripting (XSS) - Stored in answerdev/answer
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
Severity
8.3 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4d4b0caa-6d8c-4574-ae7e-e9ef5e2e1a40"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1535",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:13:38.170203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:14:42.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25"
},
{
"url": "https://huntr.dev/bounties/4d4b0caa-6d8c-4574-ae7e-e9ef5e2e1a40"
}
],
"source": {
"advisory": "4d4b0caa-6d8c-4574-ae7e-e9ef5e2e1a40",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1535",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-25T21:14:42.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1541 (GCVE-0-2023-1541)
Vulnerability from cvelistv5 – Published: 2023-03-21 00:00 – Updated: 2025-02-27 17:03
VLAI
Title
Business Logic Errors in answerdev/answer
Summary
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
Severity
6 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fd891c6-b04e-4dac-818f-9ea30861cd92"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/15390adbfcd5fd37af4661f992f8873ae5a6b840"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1541",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:03:33.464948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T17:03:49.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/8fd891c6-b04e-4dac-818f-9ea30861cd92"
},
{
"url": "https://github.com/answerdev/answer/commit/15390adbfcd5fd37af4661f992f8873ae5a6b840"
}
],
"source": {
"advisory": "8fd891c6-b04e-4dac-818f-9ea30861cd92",
"discovery": "EXTERNAL"
},
"title": "Business Logic Errors in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1541",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-27T17:03:49.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1540 (GCVE-0-2023-1540)
Vulnerability from cvelistv5 – Published: 2023-03-21 00:00 – Updated: 2025-02-25 20:24
VLAI
Title
Observable Response Discrepancy in answerdev/answer
Summary
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d8d6c259-a0f2-4209-a3b0-ecbf3eb092f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/1de3ec27e50ba7389c9449c59e8ea3a37a908ee4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1540",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T20:24:10.934759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:24:35.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d8d6c259-a0f2-4209-a3b0-ecbf3eb092f4"
},
{
"url": "https://github.com/answerdev/answer/commit/1de3ec27e50ba7389c9449c59e8ea3a37a908ee4"
}
],
"source": {
"advisory": "d8d6c259-a0f2-4209-a3b0-ecbf3eb092f4",
"discovery": "EXTERNAL"
},
"title": "Observable Response Discrepancy in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1540",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-25T20:24:35.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1537 (GCVE-0-2023-1537)
Vulnerability from cvelistv5 – Published: 2023-03-21 00:00 – Updated: 2025-02-27 16:51
VLAI
Title
Authentication Bypass by Capture-replay in answerdev/answer
Summary
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/171cde18-a447-446c-a9ab-297953ad9b86"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1537",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T16:51:00.622050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T16:51:11.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"url": "https://huntr.dev/bounties/171cde18-a447-446c-a9ab-297953ad9b86"
}
],
"source": {
"advisory": "171cde18-a447-446c-a9ab-297953ad9b86",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass by Capture-replay in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1537",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-27T16:51:11.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1542 (GCVE-0-2023-1542)
Vulnerability from cvelistv5 – Published: 2023-03-21 00:00 – Updated: 2025-02-26 18:34
VLAI
Title
Business Logic Errors in answerdev/answer
Summary
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d947417c-5a12-407a-9a2f-fa696f65126f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/4ca2429d190a6e614f5bbee1173c80a7cffcc568"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1542",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T18:34:47.542077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:34:58.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d947417c-5a12-407a-9a2f-fa696f65126f"
},
{
"url": "https://github.com/answerdev/answer/commit/4ca2429d190a6e614f5bbee1173c80a7cffcc568"
}
],
"source": {
"advisory": "d947417c-5a12-407a-9a2f-fa696f65126f",
"discovery": "EXTERNAL"
},
"title": "Business Logic Errors in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1542",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-26T18:34:58.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1538 (GCVE-0-2023-1538)
Vulnerability from cvelistv5 – Published: 2023-03-21 00:00 – Updated: 2025-02-27 16:55
VLAI
Title
Observable Timing Discrepancy in answerdev/answer
Summary
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ac0271eb-660f-4966-8b57-4bc660a9a1a0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1538",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T16:55:26.467208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T16:55:54.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"url": "https://huntr.dev/bounties/ac0271eb-660f-4966-8b57-4bc660a9a1a0"
}
],
"source": {
"advisory": "ac0271eb-660f-4966-8b57-4bc660a9a1a0",
"discovery": "EXTERNAL"
},
"title": "Observable Timing Discrepancy in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1538",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-27T16:55:54.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4815 (GCVE-0-2023-4815)
Vulnerability from nvd – Published: 2023-09-07 06:26 – Updated: 2024-09-26 19:25
VLAI
Title
Missing Authentication for Critical Function in answerdev/answer
Summary
Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.
Severity
8.3 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.3
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.728Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4815",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T19:25:22.895345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T19:25:34.623Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-07T06:26:09.174Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c"
},
{
"url": "https://github.com/answerdev/answer/commit/e75142a55546e01d8904f59db228422561f51666"
}
],
"source": {
"advisory": "4cd3eeb4-57c9-4af2-ad19-2166c9e0fd2c",
"discovery": "EXTERNAL"
},
"title": "Missing Authentication for Critical Function in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4815",
"datePublished": "2023-09-07T06:26:09.174Z",
"dateReserved": "2023-09-07T06:25:54.449Z",
"dateUpdated": "2024-09-26T19:25:34.623Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4127 (GCVE-0-2023-4127)
Vulnerability from nvd – Published: 2023-08-03 03:20 – Updated: 2024-10-10 20:15
VLAI
Title
Race Condition within a Thread in answerdev/answer
Summary
Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-366 - Race Condition within a Thread
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.1
(custom)
|
|
| answer | answer |
Affected:
0 , < 1.1.1
(custom)
cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "answer",
"vendor": "answer",
"versions": [
{
"lessThan": "1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4127",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:08:48.637544Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:15:44.062Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-366",
"description": "CWE-366 Race Condition within a Thread",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T03:20:57.777Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba"
},
{
"url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182"
}
],
"source": {
"advisory": "cf7d19e3-1318-4c77-8366-d8d04a0b41ba",
"discovery": "EXTERNAL"
},
"title": "Race Condition within a Thread in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4127",
"datePublished": "2023-08-03T03:20:57.777Z",
"dateReserved": "2023-08-03T03:20:46.192Z",
"dateUpdated": "2024-10-10T20:15:44.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4126 (GCVE-0-2023-4126)
Vulnerability from nvd – Published: 2023-08-03 03:08 – Updated: 2024-10-10 20:16
VLAI
Title
Insufficient Session Expiration in answerdev/answer
Summary
Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.
Severity
4.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.0
(custom)
|
|
| answer | answer |
Affected:
0 , < 1.1.0
(custom)
cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/4f468b58d0dea51290bfbdd3e96332b0014c8730"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "answer",
"vendor": "answer",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4126",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:09:00.657564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:16:50.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T03:08:57.887Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7f50bf1c-bcb9-46ca-8cec-211493d280c5"
},
{
"url": "https://github.com/answerdev/answer/commit/4f468b58d0dea51290bfbdd3e96332b0014c8730"
}
],
"source": {
"advisory": "7f50bf1c-bcb9-46ca-8cec-211493d280c5",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4126",
"datePublished": "2023-08-03T03:08:57.887Z",
"dateReserved": "2023-08-03T03:08:53.069Z",
"dateUpdated": "2024-10-10T20:16:50.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4125 (GCVE-0-2023-4125)
Vulnerability from nvd – Published: 2023-08-03 03:06 – Updated: 2024-10-10 20:21
VLAI
Title
Weak Password Requirements in answerdev/answer
Summary
Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-521 - Weak Password Requirements
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.0
(custom)
|
|
| answer | answer |
Affected:
0 , < 1.1.0
(custom)
cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:11.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/85bfd18f-8d3b-4154-8b7b-1f8fcf704e28"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/7d23b17cdbbefcd2e7b5c3150f0b5ec908dc835f"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "answer",
"vendor": "answer",
"versions": [
{
"lessThan": "1.1.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4125",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:09:22.653630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:21:47.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-521",
"description": "CWE-521 Weak Password Requirements",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T03:06:49.367Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/85bfd18f-8d3b-4154-8b7b-1f8fcf704e28"
},
{
"url": "https://github.com/answerdev/answer/commit/7d23b17cdbbefcd2e7b5c3150f0b5ec908dc835f"
}
],
"source": {
"advisory": "85bfd18f-8d3b-4154-8b7b-1f8fcf704e28",
"discovery": "EXTERNAL"
},
"title": "Weak Password Requirements in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4125",
"datePublished": "2023-08-03T03:06:49.367Z",
"dateReserved": "2023-08-03T03:06:44.157Z",
"dateUpdated": "2024-10-10T20:21:47.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4124 (GCVE-0-2023-4124)
Vulnerability from nvd – Published: 2023-08-03 03:05 – Updated: 2024-10-10 20:22
VLAI
Title
Missing Authorization in answerdev/answer
Summary
Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < v1.1.1
(custom)
|
|
| answer | answer |
Affected:
0 , < 1.1.1
(custom)
cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:17:12.136Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/2c684f99-d181-4106-8ee2-64a76ae6a348"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/964195fd859ee5d7171fac847374dfa31893e793"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "answer",
"vendor": "answer",
"versions": [
{
"lessThan": "1.1.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4124",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T20:09:40.229758Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:22:32.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "v1.1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-03T03:05:32.060Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/2c684f99-d181-4106-8ee2-64a76ae6a348"
},
{
"url": "https://github.com/answerdev/answer/commit/964195fd859ee5d7171fac847374dfa31893e793"
}
],
"source": {
"advisory": "2c684f99-d181-4106-8ee2-64a76ae6a348",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4124",
"datePublished": "2023-08-03T03:05:32.060Z",
"dateReserved": "2023-08-03T03:05:20.405Z",
"dateUpdated": "2024-10-10T20:22:32.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-2590 (GCVE-0-2023-2590)
Vulnerability from nvd – Published: 2023-05-09 00:00 – Updated: 2025-01-28 19:50
VLAI
Title
Missing Authorization in answerdev/answer
Summary
Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9.
Severity
7.7 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.9
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:26:09.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a4238a30-3ddb-4415-9055-e179c3d4dea7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/51ac1e6b76ae9ab3ca2008ca4819c0cc3bd2fcd3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2590",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T19:50:44.290276Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T19:50:54.401Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-09T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a4238a30-3ddb-4415-9055-e179c3d4dea7"
},
{
"url": "https://github.com/answerdev/answer/commit/51ac1e6b76ae9ab3ca2008ca4819c0cc3bd2fcd3"
}
],
"source": {
"advisory": "a4238a30-3ddb-4415-9055-e179c3d4dea7",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-2590",
"datePublished": "2023-05-09T00:00:00.000Z",
"dateReserved": "2023-05-09T00:00:00.000Z",
"dateUpdated": "2025-01-28T19:50:54.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1976 (GCVE-0-2023-1976)
Vulnerability from nvd – Published: 2023-04-11 00:00 – Updated: 2025-02-07 17:13
VLAI
Title
Password Aging with Long Expiration in answerdev/answer
Summary
Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6.
Severity
4.6 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-263 - Password Aging with Long Expiration
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:27.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/469bcabf-b315-4750-b63c-82ac86d153de"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T17:13:50.032592Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:13:55.067Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-263",
"description": "CWE-263 Password Aging with Long Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-12T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"url": "https://huntr.dev/bounties/469bcabf-b315-4750-b63c-82ac86d153de"
}
],
"source": {
"advisory": "469bcabf-b315-4750-b63c-82ac86d153de",
"discovery": "EXTERNAL"
},
"title": "Password Aging with Long Expiration in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1976",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-04-11T00:00:00.000Z",
"dateUpdated": "2025-02-07T17:13:55.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1975 (GCVE-0-2023-1975)
Vulnerability from nvd – Published: 2023-04-11 00:00 – Updated: 2025-02-07 17:14
VLAI
Title
Insertion of Sensitive Information Into Sent Data in answerdev/answer
Summary
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.
Severity
7.6 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:27.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1975",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T17:14:18.314046Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:14:37.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-201",
"description": "CWE-201 Insertion of Sensitive Information Into Sent Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/829cab7a-4ed7-465c-aa96-29f4f73dbfff"
},
{
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
}
],
"source": {
"advisory": "829cab7a-4ed7-465c-aa96-29f4f73dbfff",
"discovery": "EXTERNAL"
},
"title": "Insertion of Sensitive Information Into Sent Data in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1975",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-04-11T00:00:00.000Z",
"dateUpdated": "2025-02-07T17:14:37.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1974 (GCVE-0-2023-1974)
Vulnerability from nvd – Published: 2023-04-11 00:00 – Updated: 2025-02-07 17:14
VLAI
Title
Exposure of Sensitive Information Through Metadata in answerdev/answer
Summary
Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8.
Severity
7.7 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1230 - Exposure of Sensitive Information Through Metadata
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:05:27.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/852781c6-9cc8-4d25-9336-bf3cb8ee3439"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1974",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T17:14:51.823042Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T17:14:55.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1230",
"description": "CWE-1230 Exposure of Sensitive Information Through Metadata",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-11T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/ac3f2f047ee00b4edaea7530e570ab67ff87cd6a"
},
{
"url": "https://huntr.dev/bounties/852781c6-9cc8-4d25-9336-bf3cb8ee3439"
}
],
"source": {
"advisory": "852781c6-9cc8-4d25-9336-bf3cb8ee3439",
"discovery": "EXTERNAL"
},
"title": "Exposure of Sensitive Information Through Metadata in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1974",
"datePublished": "2023-04-11T00:00:00.000Z",
"dateReserved": "2023-04-11T00:00:00.000Z",
"dateUpdated": "2025-02-07T17:14:55.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1535 (GCVE-0-2023-1535)
Vulnerability from nvd – Published: 2023-03-21 00:00 – Updated: 2025-02-25 21:14
VLAI
Title
Cross-site Scripting (XSS) - Stored in answerdev/answer
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.
Severity
8.3 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.7
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/4d4b0caa-6d8c-4574-ae7e-e9ef5e2e1a40"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1535",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T21:13:38.170203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T21:14:42.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/c3743bad4f2a69f69f8f1e1e5b4b6524fc03da25"
},
{
"url": "https://huntr.dev/bounties/4d4b0caa-6d8c-4574-ae7e-e9ef5e2e1a40"
}
],
"source": {
"advisory": "4d4b0caa-6d8c-4574-ae7e-e9ef5e2e1a40",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1535",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-25T21:14:42.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1541 (GCVE-0-2023-1541)
Vulnerability from nvd – Published: 2023-03-21 00:00 – Updated: 2025-02-27 17:03
VLAI
Title
Business Logic Errors in answerdev/answer
Summary
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
Severity
6 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.671Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/8fd891c6-b04e-4dac-818f-9ea30861cd92"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/15390adbfcd5fd37af4661f992f8873ae5a6b840"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1541",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:03:33.464948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T17:03:49.959Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/8fd891c6-b04e-4dac-818f-9ea30861cd92"
},
{
"url": "https://github.com/answerdev/answer/commit/15390adbfcd5fd37af4661f992f8873ae5a6b840"
}
],
"source": {
"advisory": "8fd891c6-b04e-4dac-818f-9ea30861cd92",
"discovery": "EXTERNAL"
},
"title": "Business Logic Errors in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1541",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-27T17:03:49.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1540 (GCVE-0-2023-1540)
Vulnerability from nvd – Published: 2023-03-21 00:00 – Updated: 2025-02-25 20:24
VLAI
Title
Observable Response Discrepancy in answerdev/answer
Summary
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d8d6c259-a0f2-4209-a3b0-ecbf3eb092f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/1de3ec27e50ba7389c9449c59e8ea3a37a908ee4"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1540",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-25T20:24:10.934759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-25T20:24:35.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d8d6c259-a0f2-4209-a3b0-ecbf3eb092f4"
},
{
"url": "https://github.com/answerdev/answer/commit/1de3ec27e50ba7389c9449c59e8ea3a37a908ee4"
}
],
"source": {
"advisory": "d8d6c259-a0f2-4209-a3b0-ecbf3eb092f4",
"discovery": "EXTERNAL"
},
"title": "Observable Response Discrepancy in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1540",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-25T20:24:35.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1537 (GCVE-0-2023-1537)
Vulnerability from nvd – Published: 2023-03-21 00:00 – Updated: 2025-02-27 16:51
VLAI
Title
Authentication Bypass by Capture-replay in answerdev/answer
Summary
Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.730Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/171cde18-a447-446c-a9ab-297953ad9b86"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1537",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T16:51:00.622050Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T16:51:11.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"url": "https://huntr.dev/bounties/171cde18-a447-446c-a9ab-297953ad9b86"
}
],
"source": {
"advisory": "171cde18-a447-446c-a9ab-297953ad9b86",
"discovery": "EXTERNAL"
},
"title": "Authentication Bypass by Capture-replay in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1537",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-27T16:51:11.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1542 (GCVE-0-2023-1542)
Vulnerability from nvd – Published: 2023-03-21 00:00 – Updated: 2025-02-26 18:34
VLAI
Title
Business Logic Errors in answerdev/answer
Summary
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6.
Severity
8.1 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-840 - Business Logic Errors
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d947417c-5a12-407a-9a2f-fa696f65126f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/4ca2429d190a6e614f5bbee1173c80a7cffcc568"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1542",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T18:34:47.542077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:34:58.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-840",
"description": "CWE-840 Business Logic Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d947417c-5a12-407a-9a2f-fa696f65126f"
},
{
"url": "https://github.com/answerdev/answer/commit/4ca2429d190a6e614f5bbee1173c80a7cffcc568"
}
],
"source": {
"advisory": "d947417c-5a12-407a-9a2f-fa696f65126f",
"discovery": "EXTERNAL"
},
"title": "Business Logic Errors in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1542",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-26T18:34:58.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1538 (GCVE-0-2023-1538)
Vulnerability from nvd – Published: 2023-03-21 00:00 – Updated: 2025-02-27 16:55
VLAI
Title
Observable Timing Discrepancy in answerdev/answer
Summary
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-208 - Observable Timing Discrepancy
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| answerdev | answerdev/answer |
Affected:
unspecified , < 1.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:49:11.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ac0271eb-660f-4966-8b57-4bc660a9a1a0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1538",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T16:55:26.467208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T16:55:54.306Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "answerdev/answer",
"vendor": "answerdev",
"versions": [
{
"lessThan": "1.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-208",
"description": "CWE-208 Observable Timing Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-21T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/answerdev/answer/commit/813ad0b9894673b1bdd489a2e9ab60a44fe990af"
},
{
"url": "https://huntr.dev/bounties/ac0271eb-660f-4966-8b57-4bc660a9a1a0"
}
],
"source": {
"advisory": "ac0271eb-660f-4966-8b57-4bc660a9a1a0",
"discovery": "EXTERNAL"
},
"title": "Observable Timing Discrepancy in answerdev/answer"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-1538",
"datePublished": "2023-03-21T00:00:00.000Z",
"dateReserved": "2023-03-21T00:00:00.000Z",
"dateUpdated": "2025-02-27T16:55:54.306Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}