CVE-2023-22481

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-22481
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22481.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-22481
Aliases
  • GHSA-8vvv-jxg6-8578
Published
2023-03-06T18:15:10Z
Modified
2024-05-30T03:59:41.272590Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users/_/log_api.txt in the case where the authentication fails. The issues occurs in authorizationToUser() in greader.php. If there is an issue with the request or the credentials, unauthorized() or badRequest() is called. Both these functions are printing the return of debugInfo() in the logs. debugInfo() will return the content of the request. By default, this will be saved in users/_/log_api.txt and if the const COPY_LOG_TO_SYSLOG is true, in syslogs as well. Exploiting this issue requires having access to logs produced by FreshRSS. Using the information from the logs, a malicious individual could get users' API keys (would be displayed if the users fills in a bad username) or passwords.

References

Affected packages

Git / github.com/freshrss/freshrss

Affected ranges

Type
GIT
Repo
https://github.com/freshrss/freshrss
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1.0
0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.6.1
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.8.0
0.8.1
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4

1.*

1.0.0
1.1.0
1.1.1
1.1.2-beta
1.1.3-beta
1.10.0
1.10.1
1.10.2
1.11.0
1.11.1
1.11.2
1.12.0
1.13.0
1.13.1
1.14.0
1.14.1
1.14.2
1.14.3
1.15.0
1.15.1
1.15.2
1.15.3
1.16.0
1.16.1
1.16.2
1.17.0
1.18.0
1.18.1
1.19.0
1.19.1
1.19.2
1.2.0
1.20.0
1.20.1
1.3.0-beta
1.3.1-beta
1.4.0
1.5.0
1.6.0
1.6.1
1.6.2
1.6.3
1.7.0
1.8.0
1.9.0