Home > Vulnerability Database > WS-2023-0293

Mend.io Vulnerability Database

WS-2023-0293

Good to know:

Date: August 10, 2023

A Broken Authentication vulnerability exists in azuracast through 0.18.5. An attacker is able to get sensitive information of Administration such as CPU stats.

Language: PHP

Severity Score

5.7

Related Resources (2)

Url: https://github.com/azuracast/azuracast/commit/1404779b1a72ccbc0bd165ce0c4d8805b6024586

Url: https://www.mend.io/vulnerability-database/WS-2023-0293

Severity Score

5.7

Weakness Type (CWE)

Improper Authentication

CWE-287

Top Fix

Upgrade Version

Upgrade to version azuracast/azuracast - dev-feature/whole-page-vue;azuracast/azuracast - dev-stale-change;azuracast/azuracast - 0.19.0;azuracast/azuracast - dev-pre-1.4.0;azuracast/azuracast - dev-feature/passkeys;azuracast/azuracast - dev-master;azuracast/azuracast - dev-feature/rrule-scheduler;azuracast/azuracast - dev-fix-#4674;azuracast/azuracast - dev-feature/php-ffmpeg;azuracast/azuracast - dev-feature/concurrent-sync;azuracast/azuracast - dev-feature/media_meta_overhaul_2;azuracast/azuracast - dev-snyk-upgrade-12772c67afa2125861a56f90fc93e67b;azuracast/azuracast - dev-snyk-fix-d274cad45ec9812bd1860f4e02b1105f;azuracast/azuracast - dev-dev-ls2.3.x;azuracast/azuracast - dev-Known-Issues;azuracast/azuracast - dev-update-liquidsoap-to-66914f5-2.2.0;azuracast/azuracast - dev-feature/annotations;azuracast/azuracast - dev-feature/materialize_upgrade;azuracast/azuracast - dev-workflow-stale

Learn More

CVSS v3.1

Base Score:	5.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2023-0293

Good to know:

Date: August 10, 2023

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?