Home > Vulnerability Database > CVE-2023-1065

Mend.io Vulnerability Database

CVE-2023-1065

Date: February 28, 2023

This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case).

Language: TYPE_SCRIPT

Severity Score

6.5

Related Resources (3)

Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1065

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-1065

Url: https://www.mend.io/vulnerability-database/CVE-2023-1065

Severity Score

6.5

Weakness Type (CWE)

Improper Authentication

CWE-287

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-1065

Date: February 28, 2023

Language: TYPE_SCRIPT

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?