tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-05-29T20:03:05.983Z
Updated: 2023-05-29T20:03:05.983Z
Reserved: 2023-05-11T16:33:45.732Z
Link: CVE-2023-32687
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-05-29T21:15:10.053
Modified: 2023-06-06T15:12:31.750
Link: CVE-2023-32687
JSON object: View
Redhat Information
No data.
CWE