Lucene search

[email protected]NVD:CVE-2023-45292

HistoryDec 11, 2023 - 10:15 p.m.

CVE-2023-45292

2023-12-1122:15:06

CWE-345

[email protected]

web.nvd.nist.gov

captcha

bypass

vulnerability

implementation

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

20.6%

JSON

When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct.

Affected configurations

Nvd

Node

mojotvbase64captchaRange<1.3.6go

VendorProductVersionCPE
mojotvbase64captcha*cpe:2.3:a:mojotv:base64captcha:*:*:*:*:*:go:*:*

Vendor	Product	Version	CPE
mojotv	base64captcha	*	cpe:2.3:a:mojotv:base64captcha::::::go::*

References

github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7

github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13

github.com/mojocn/base64Captcha/issues/120

pkg.go.dev/vuln/GO-2023-2386

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

20.6%

JSON

Related for NVD:CVE-2023-45292

github1 cve2 osv3 prion2 veracode1 cvelist1 nvd1