CVE-2023-32687

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-32687
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32687.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-32687
Aliases
  • GHSA-rv76-495p-g7cp
Published
2023-05-29T21:15:10Z
Modified
2024-06-06T14:23:45.217596Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety.

References

Affected packages

Git / github.com/tgstation/tgstation-server

Affected ranges

Type
GIT
Repo
https://github.com/tgstation/tgstation-server
Events

Affected versions

api-v8.*

api-v8.3.0

api-v9.*

api-v9.0.0
api-v9.0.1
api-v9.1.0
api-v9.10.0
api-v9.10.1
api-v9.10.2
api-v9.2.0
api-v9.3.0
api-v9.4.0
api-v9.5.0
api-v9.6.0
api-v9.7.0
api-v9.8.0
api-v9.8.1
api-v9.9.0

dmapi-v6.*

dmapi-v6.0.0
dmapi-v6.0.1
dmapi-v6.0.2
dmapi-v6.0.3
dmapi-v6.0.5
dmapi-v6.0.6
dmapi-v6.1.0
dmapi-v6.2.0
dmapi-v6.3.0
dmapi-v6.3.1
dmapi-v6.4.0
dmapi-v6.4.1
dmapi-v6.4.2
dmapi-v6.4.3

tgstation-server-migrator-1.*

tgstation-server-migrator-1.0.0
tgstation-server-migrator-1.0.1

tgstation-server-v4.*

tgstation-server-v4.10.0
tgstation-server-v4.10.1
tgstation-server-v4.10.2
tgstation-server-v4.10.3
tgstation-server-v4.10.4
tgstation-server-v4.10.5
tgstation-server-v4.10.6
tgstation-server-v4.11.0
tgstation-server-v4.11.1
tgstation-server-v4.12.0
tgstation-server-v4.12.1
tgstation-server-v4.13.0
tgstation-server-v4.14.0
tgstation-server-v4.14.1
tgstation-server-v4.14.2
tgstation-server-v4.14.3
tgstation-server-v4.15.0
tgstation-server-v4.15.1
tgstation-server-v4.15.2
tgstation-server-v4.15.3
tgstation-server-v4.15.4
tgstation-server-v4.15.5
tgstation-server-v4.15.6
tgstation-server-v4.15.7
tgstation-server-v4.16.0
tgstation-server-v4.16.1
tgstation-server-v4.16.2
tgstation-server-v4.17.0
tgstation-server-v4.17.1
tgstation-server-v4.17.2
tgstation-server-v4.18.0
tgstation-server-v4.19.0
tgstation-server-v4.19.1
tgstation-server-v4.7.0
tgstation-server-v4.7.1
tgstation-server-v4.7.2
tgstation-server-v4.7.3
tgstation-server-v4.8.0
tgstation-server-v4.8.1
tgstation-server-v4.8.2
tgstation-server-v4.9.0
tgstation-server-v4.9.1
tgstation-server-v4.9.2
tgstation-server-v4.9.3

tgstation-server-v5.*

tgstation-server-v5.0.0
tgstation-server-v5.0.1
tgstation-server-v5.0.2
tgstation-server-v5.0.3
tgstation-server-v5.0.4
tgstation-server-v5.1.0
tgstation-server-v5.1.1
tgstation-server-v5.1.2
tgstation-server-v5.1.3
tgstation-server-v5.1.4
tgstation-server-v5.10.0
tgstation-server-v5.11.0
tgstation-server-v5.12.0
tgstation-server-v5.2.0
tgstation-server-v5.2.1
tgstation-server-v5.2.2
tgstation-server-v5.2.3
tgstation-server-v5.2.4
tgstation-server-v5.3.0
tgstation-server-v5.3.1
tgstation-server-v5.3.2
tgstation-server-v5.4.0
tgstation-server-v5.5.0
tgstation-server-v5.6.0
tgstation-server-v5.7.0
tgstation-server-v5.7.1
tgstation-server-v5.7.2
tgstation-server-v5.7.3
tgstation-server-v5.8.0
tgstation-server-v5.9.0