CVE-2023-1543 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
@huntrdev	CNA	6.8 MEDIUM	NETWORK	LOW	HIGH	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Vendor	Product	Version
answer	answer	𝑥 < 1.0.6

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-613 - Insufficient Session Expiration
According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References

https://github.com/answerdev/answer/commit/cd742b75605c99776f32d271c0a60e0f468e181c

https://huntr.dev/bounties/f82388d6-dfc3-4fbc-bea6-eb40cf5b2683

https://github.com/answerdev/answer/commit/cd742b75605c99776f32d271c0a60e0f468e181c

https://huntr.dev/bounties/f82388d6-dfc3-4fbc-bea6-eb40cf5b2683