CVE-2023-23629 (GCVE-0-2023-23629)
Vulnerability from cvelistv5 – Published: 2023-01-28 01:23 – Updated: 2025-03-10 21:17
VLAI?
Summary
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the "Subscriptions and Alerts" permission for groups that have restricted data permissions, as a workaround.
Severity ?
6.3 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:35:33.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-23629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-10T20:58:43.915067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-10T21:17:37.583Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "metabase",
"vendor": "metabase",
"versions": [
{
"status": "affected",
"version": "\u003c 0.43.7.1"
},
{
"status": "affected",
"version": "\u003e= 0.44.0-RC1, \u003c 0.44.6.1"
},
{
"status": "affected",
"version": "\u003e= 0.45.0-RC1, \u003c 0.45.2.1"
},
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.43.7.1"
},
{
"status": "affected",
"version": "\u003e= 1.44.0-RC1, \u003c 1.44.6.1"
},
{
"status": "affected",
"version": "\u003e= 1.45.0-RC1, \u003c 1.45.2.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the \"Subscriptions and Alerts\" permission for groups that have restricted data permissions, as a workaround.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-28T01:23:33.300Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5"
}
],
"source": {
"advisory": "GHSA-ch8f-hhq9-7gv5",
"discovery": "UNKNOWN"
},
"title": "Metabase subject to Improper Privilege Management"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-23629",
"datePublished": "2023-01-28T01:23:33.300Z",
"dateReserved": "2023-01-16T17:07:46.245Z",
"dateUpdated": "2025-03-10T21:17:37.583Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.43.7.1\", \"matchCriteriaId\": \"B739CE77-5465-4018-9A7D-EFE7E2C6912C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"0.44.0\", \"versionEndExcluding\": \"0.44.6.1\", \"matchCriteriaId\": \"DF00E09E-C915-4D5E-BF06-D52E044752C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"0.45.0\", \"versionEndExcluding\": \"0.45.2.1\", \"matchCriteriaId\": \"D4A024C8-A76F-4D31-ACAF-E47E19BC5FE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.0\", \"versionEndExcluding\": \"1.43.7.1\", \"matchCriteriaId\": \"79CF2F09-CA1A-4A02-A529-8E879C011505\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.44.0\", \"versionEndExcluding\": \"1.44.6.1\", \"matchCriteriaId\": \"2A2796BF-3609-4633-9465-671B1A6BDF44\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.45.0\", \"versionEndExcluding\": \"1.45.2.1\", \"matchCriteriaId\": \"79B81DBB-484A-466C-95B3-CD91F7390D31\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the \\\"Subscriptions and Alerts\\\" permission for groups that have restricted data permissions, as a workaround.\\n\"}, {\"lang\": \"es\", \"value\": \"Metabase es una plataforma de an\\u00e1lisis de datos de c\\u00f3digo abierto. Las versiones afectadas est\\u00e1n sujetas a una gesti\\u00f3n de privilegios inadecuada. Seg\\u00fan lo previsto, los destinatarios de las suscripciones a paneles pueden ver los datos tal como los ve el creador de esa suscripci\\u00f3n. Esto permite que alguien con mayor acceso a los datos cree una suscripci\\u00f3n al panel, agregue personas con menos privilegios de datos y todos los destinatarios de esa suscripci\\u00f3n reciban los mismos datos: los gr\\u00e1ficos que se muestran en el correo electr\\u00f3nico cumplir\\u00e1n con los privilegios del usuario que cre\\u00f3 la suscripci\\u00f3n. . El problema es que los usuarios con menos privilegios que pueden ver un panel pueden agregarse a una suscripci\\u00f3n al panel creada por alguien con privilegios de datos adicionales y, por lo tanto, obtener acceso a m\\u00e1s datos por correo electr\\u00f3nico. Este problema se solucion\\u00f3 en las versiones 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1 y 1.45.2.1. En instancias de Metabase que ejecutan Enterprise Edition, los administradores pueden desactivar el permiso \\\"Suscripciones y alertas\\\" para grupos que tienen permisos de datos restringidos, como workaround.\"}]",
"id": "CVE-2023-23629",
"lastModified": "2024-11-21T07:46:34.197",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.1, \"impactScore\": 4.2}]}",
"published": "2023-01-28T02:15:07.900",
"references": "[{\"url\": \"https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-23629\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-01-28T02:15:07.900\",\"lastModified\":\"2024-11-21T07:46:34.197\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the \\\"Subscriptions and Alerts\\\" permission for groups that have restricted data permissions, as a workaround.\\n\"},{\"lang\":\"es\",\"value\":\"Metabase es una plataforma de an\u00e1lisis de datos de c\u00f3digo abierto. Las versiones afectadas est\u00e1n sujetas a una gesti\u00f3n de privilegios inadecuada. Seg\u00fan lo previsto, los destinatarios de las suscripciones a paneles pueden ver los datos tal como los ve el creador de esa suscripci\u00f3n. Esto permite que alguien con mayor acceso a los datos cree una suscripci\u00f3n al panel, agregue personas con menos privilegios de datos y todos los destinatarios de esa suscripci\u00f3n reciban los mismos datos: los gr\u00e1ficos que se muestran en el correo electr\u00f3nico cumplir\u00e1n con los privilegios del usuario que cre\u00f3 la suscripci\u00f3n. . El problema es que los usuarios con menos privilegios que pueden ver un panel pueden agregarse a una suscripci\u00f3n al panel creada por alguien con privilegios de datos adicionales y, por lo tanto, obtener acceso a m\u00e1s datos por correo electr\u00f3nico. Este problema se solucion\u00f3 en las versiones 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1 y 1.45.2.1. En instancias de Metabase que ejecutan Enterprise Edition, los administradores pueden desactivar el permiso \\\"Suscripciones y alertas\\\" para grupos que tienen permisos de datos restringidos, como workaround.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.1,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.1,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.43.7.1\",\"matchCriteriaId\":\"B739CE77-5465-4018-9A7D-EFE7E2C6912C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.44.0\",\"versionEndExcluding\":\"0.44.6.1\",\"matchCriteriaId\":\"DF00E09E-C915-4D5E-BF06-D52E044752C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"0.45.0\",\"versionEndExcluding\":\"0.45.2.1\",\"matchCriteriaId\":\"D4A024C8-A76F-4D31-ACAF-E47E19BC5FE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"1.43.7.1\",\"matchCriteriaId\":\"79CF2F09-CA1A-4A02-A529-8E879C011505\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.44.0\",\"versionEndExcluding\":\"1.44.6.1\",\"matchCriteriaId\":\"2A2796BF-3609-4633-9465-671B1A6BDF44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:metabase:metabase:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.45.0\",\"versionEndExcluding\":\"1.45.2.1\",\"matchCriteriaId\":\"79B81DBB-484A-466C-95B3-CD91F7390D31\"}]}]}],\"references\":[{\"url\":\"https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5\", \"name\": \"https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T10:35:33.616Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-23629\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-10T20:58:43.915067Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-10T20:58:45.451Z\"}}], \"cna\": {\"title\": \"Metabase subject to Improper Privilege Management\", \"source\": {\"advisory\": \"GHSA-ch8f-hhq9-7gv5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"metabase\", \"product\": \"metabase\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.43.7.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 0.44.0-RC1, \u003c 0.44.6.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 0.45.0-RC1, \u003c 0.45.2.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.0.0, \u003c 1.43.7.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.44.0-RC1, \u003c 1.44.6.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.45.0-RC1, \u003c 1.45.2.1\"}]}], \"references\": [{\"url\": \"https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5\", \"name\": \"https://github.com/metabase/metabase/security/advisories/GHSA-ch8f-hhq9-7gv5\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the \\\"Subscriptions and Alerts\\\" permission for groups that have restricted data permissions, as a workaround.\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269: Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-01-28T01:23:33.300Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-23629\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-10T21:17:37.583Z\", \"dateReserved\": \"2023-01-16T17:07:46.245Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-01-28T01:23:33.300Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…