CVE-2023-2886

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
References
Link Resource
https://www.usom.gov.tr/bildirim/tr-23-0293 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cbot:cbot_core:*:*:*:*:*:*:*:*
cpe:2.3:a:cbot:cbot_panel:*:*:*:*:*:*:*:*

History

18 Oct 2023, 08:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 5.4
v2 : unknown
v3 : 4.3

16 Aug 2023, 08:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 5.4
CWE CWE-346 CWE-1385

02 Aug 2023, 17:16

Type Values Removed Values Added
CWE CWE-1385 CWE-346

26 Jul 2023, 10:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 4.3
v2 : unknown
v3 : 6.5

31 May 2023, 22:44

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.6
v2 : unknown
v3 : 4.3
CPE cpe:2.3:a:cbot:cbot_panel:*:*:*:*:*:*:*:*
cpe:2.3:a:cbot:cbot_core:*:*:*:*:*:*:*:*
First Time Cbot cbot Panel
Cbot cbot Core
Cbot
References (MISC) https://www.usom.gov.tr/bildirim/tr-23-0293 - (MISC) https://www.usom.gov.tr/bildirim/tr-23-0293 - Third Party Advisory

Information

Published : 2023-05-25 09:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-2886

Mitre link : CVE-2023-2886

CVE.ORG link : CVE-2023-2886


JSON object : View

Products Affected

cbot

  • cbot_core
  • cbot_panel
CWE
CWE-1385

Missing Origin Validation in WebSockets

CWE-346

Origin Validation Error