Home > Vulnerability Database > CVE-2023-48708

Mend.io Vulnerability Database

CVE-2023-48708

Good to know:

Date: November 24, 2023

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then be used to send a request with that user's authority. This issue has been addressed in version 1.0.0-beta.8. Users are advised to upgrade. Users unable to upgrade should disable logging for successful login attempts by the configuration files.

Language: PHP

Severity Score

6.5

Related Resources (5)

Url: https://github.com/codeigniter4/shield/commit/7e84c3fb3411294f70890819bfe51781bb9dc8e4

Url: https://codeigniter4.github.io/shield/getting_started/authenticators/

Url: https://github.com/codeigniter4/shield/security/advisories/GHSA-j72f-h752-mx4w

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48708

Url: https://www.mend.io/vulnerability-database/CVE-2023-48708

Severity Score

6.5

Weakness Type (CWE)

Information Exposure Through Log Files

CWE-532

Top Fix

Upgrade Version

Upgrade to version 1.0.0-beta.8

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48708

Good to know:

Date: November 24, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?