CVE-2023-32687
CVSS V2 None
CVSS V3 None
Description
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety.
Overview
- CVE ID
- CVE-2023-32687
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-05-29T20:03:05.983Z
- Last Modified Date
- 2023-05-29T20:03:05.983Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rv76-495p-g7cp | x_refsource_CONFIRM |
| https://github.com/tgstation/tgstation-server/pull/1487 | x_refsource_MISC |
| https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.1 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-32687 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32687 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 11:22:48 | Added to TrackCVE |