CVE-2023-39045 : An information leak in kokoroe_members card Line 13.6.1 allows attackers to obta

An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages.

Published 2023-09-20 20:15:12

Updated 2024-09-25 15:35:09

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-39045

Kokoroe Members Card Project » Kokoroe Members Card » Version: 13.6.1 For Line
cpe:2.3:a:kokoroe_members_card_project:kokoroe_members_card:13.6.1:*:*:*:*:line:*:*
Matching versions

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	3.9	2.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39045.md

CVE-reports/CVE-2023-39045.md at main · syz913/CVE-reports · GitHub
Exploit;Third Party Advisory

Jump to