CVE-2023-2883

Description

Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

CBOT / Chatbot0 – Core: v4.0.3.4 Panel: v4.0.3.7

References

MISChttps://www.usom.gov.tr/bildirim/tr-23-0293
MISChttps://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-23-0293