CVE-2023-45292

{"id": "CVE-2023-45292", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-12-11T22:15:06.677", "references": [{"url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7", "tags": ["Patch"], "source": "security@golang.org"}, {"url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13", "tags": ["Patch"], "source": "security@golang.org"}, {"url": "https://github.com/mojocn/base64Captcha/issues/120", "tags": ["Exploit", "Issue Tracking"], "source": "security@golang.org"}, {"url": "https://pkg.go.dev/vuln/GO-2023-2386", "tags": ["Third Party Advisory"], "source": "security@golang.org"}, {"url": "https://github.com/mojocn/base64Captcha/commit/5ab86bd6f333aad3936f912fc52b411168dcd4a7", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mojocn/base64Captcha/commit/9b11012caca58925f1e47c770f79f2fa47e3ad13", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/mojocn/base64Captcha/issues/120", "tags": ["Exploit", "Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://pkg.go.dev/vuln/GO-2023-2386", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-345"}]}], "descriptions": [{"lang": "en", "value": "When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct."}, {"lang": "es", "value": "Cuando se utiliza la implementaci\u00f3n predeterminada de Verify para verificar un Captcha, se puede omitir la verificaci\u00f3n. Por ejemplo, si el primer par\u00e1metro es una identificaci\u00f3n inexistente, el segundo par\u00e1metro es una cadena vac\u00eda y el tercer par\u00e1metro es verdadero, la funci\u00f3n siempre considerar\u00e1 que el Captcha es correcto."}], "lastModified": "2024-11-21T08:26:43.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mojotv:base64captcha:*:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "20EF9A8D-B33C-468E-9928-2E80A0C1EA00", "versionEndExcluding": "1.3.6"}], "operator": "OR"}]}], "sourceIdentifier": "security@golang.org"}