Vulnerabilities > CVE-2023-28686 - Authorization Bypass Through User-Controlled Key vulnerability in multiple products

CVSS 7.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

NONE

network

low complexity

NVD

Published: 2023-03-24

Updated: 2023-11-07

Summary

Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Dino Dino Dino 0.4.0 Dino Dino 0.3.0 Dino Dino - Dino Dino 0.0 Dino Dino 0.1.0 Dino Dino 0.1.1 Dino Dino 0.1.2 Dino Dino 0.2.0 Dino Dino 0.2.1	9
OS	Fedoraproject Fedoraproject Fedora 36 Fedoraproject Fedora 37 Fedoraproject Fedora 38	3
OS	Debian Debian Debian Linux 10.0 Debian Debian Linux 11.0 Debian Debian Linux 12.0	3

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References