CVE-2023-49801

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Jan 12, 2024

Updated: Jan 22, 2024

CWE ID 23

CWE ID 22

Summary

CVE-2023-49801 affects the Lif Auth Server, which is used for login validation, account management, and recovery for Lif Accounts. The vulnerability lies in the `get_pfp` and `get_banner` routes, where there is no verification of the received file's authenticity. An attacker could exploit this issue to gain unauthorized access to files. Version 1.4.0 of the Auth Server has been released, containing the necessary patch to resolve this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/toKCSG
https://www.cve.org/CVERecord?id=CVE-2023-49801
https://nvd.nist.gov/vuln/detail/CVE-2023-49801

Back to Vulnerability Database

CVE-2023-49801

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations