CVE-2023-2848 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2023-2848

CVE-2023-2848

September 14, 2023

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.

Related Resources (3)

https://github.com/movim/movim/commit/96372082acd3e5d778a2522a60a1805bf2af31f6

https://mov.im/node/pubsub.movim.eu/Movim/a2d05925-0427-4f3f-b777-d20571ddddff

https://github.com/movim/movim/commit/49e2012aecdf918bb1d16f278fa9ff42fad29a9d

Do you need more information?

CVSS v4

Base Score:

8.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

NONE

Subsequent System Confidentiality

HIGH

Subsequent System Integrity

HIGH

Subsequent System Availability

NONE

CVSS v3

Base Score:

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Weakness Type (CWE)

Origin Validation Error

CWE-346

Missing Origin Validation in WebSockets

CWE-1385

EPSS

Base Score:

0.14

Products

Solutions

Resources

Company

Compare

Developer Tools