CVE-2023-2158
CVSS V2 None
CVSS V3 None
Description
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user. Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
Overview
- CVE ID
- CVE-2023-2158
- Assigner
- disclosure@synopsys.com
- Vulnerability Status
- Awaiting Analysis
- Published Version
- 2023-04-27T18:15:13
- Last Modified Date
- 2023-04-27T18:35:34
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://community.synopsys.com/s/question/0D5Hr00006VdZblKAF/announcement-changelog-code-dx-202342 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-2158 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2158 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-27 19:01:20 | Added to TrackCVE | |||
| 2023-04-27 19:01:23 | Weakness Enumeration | new |