CVE-2023-2848 - OpenCVE

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Movim	Movim

Configuration 1 [-]

cpe:2.3:a:movim:movim:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/movim/movim/commit/49e2012aecdf918bb1d16f278fa9ff42fad29a9d	Patch
https://github.com/movim/movim/commit/96372082acd3e5d778a2522a60a1805bf2af31f6	Patch
https://mov.im/node/pubsub.movim.eu/Movim/a2d05925-0427-4f3f-b777-d20571ddddff	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2023-09-14T11:36:50.521Z

Updated: 2023-09-14T11:36:50.521Z

Reserved: 2023-05-23T10:05:08.661Z

Link: CVE-2023-2848

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-14T12:15:07.737

Modified: 2023-09-20T15:08:13.750

Link: CVE-2023-2848

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:movim:movim:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1A64DAC-B509-400D-88DE-4726C3A0C9D9", "versionEndExcluding": "0.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation."}, {"lang": "es", "value": "Movim anterior a la versi\u00f3n 0.22 se ve afectado por una vulnerabilidad de Cross-Site WebSocket Hijacking. Este fue el resultado de una validaci\u00f3n de encabezado faltante."}], "id": "CVE-2023-2848", "lastModified": "2023-09-20T15:08:13.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.8, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2023-09-14T12:15:07.737", "references": [{"source": "report@snyk.io", "tags": ["Patch"], "url": "https://github.com/movim/movim/commit/49e2012aecdf918bb1d16f278fa9ff42fad29a9d"}, {"source": "report@snyk.io", "tags": ["Patch"], "url": "https://github.com/movim/movim/commit/96372082acd3e5d778a2522a60a1805bf2af31f6"}, {"source": "report@snyk.io", "tags": ["Vendor Advisory"], "url": "https://mov.im/node/pubsub.movim.eu/Movim/a2d05925-0427-4f3f-b777-d20571ddddff"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1385"}], "source": "report@snyk.io", "type": "Secondary"}]}