CVE-2023-34243

Source
https://cve.org/CVERecord?id=CVE-2023-34243
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34243.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-34243
Aliases
  • GHSA-w3jx-4x93-76ph
Published
2023-06-08T21:09:14.628Z
Modified
2026-04-10T04:58:25.723384Z
Severity
  • 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Summary
Windows user name disclosure in TGstation
Details

TGstation is a toolset to manage production BYOND servers. In affected versions, if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade can mitigate the issue by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline, such as fail2ban.

Database specific
{
    "cwe_ids": [
        "CWE-200"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/34xxx/CVE-2023-34243.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/tgstation/tgstation-server

Affected ranges

Type
GIT
Repo
https://github.com/tgstation/tgstation-server
Events

Affected versions

api-v6.*
api-v6.3.0
api-v6.4.0
api-v6.4.1
api-v6.5.0
api-v6.5.1
api-v6.6.0
api-v7.*
api-v7.2.0
api-v7.2.1
api-v7.2.2
api-v7.2.3
api-v7.2.4
api-v7.3.0
api-v7.3.1
api-v7.3.2
api-v7.4.0
api-v8.*
api-v8.3.0
api-v9.*
api-v9.0.1
api-v9.1.0
api-v9.10.0
api-v9.10.1
api-v9.10.2
api-v9.3.0
api-v9.4.0
api-v9.5.0
api-v9.6.0
api-v9.7.0
api-v9.8.0
api-v9.8.1
api-v9.9.0
dmapi-v5.*
dmapi-v5.1.1
dmapi-v5.2.0
dmapi-v5.2.1
dmapi-v5.2.3
dmapi-v5.2.4
dmapi-v5.2.5
dmapi-v5.2.6
dmapi-v5.2.7
dmapi-v5.2.8
dmapi-v5.2.9
dmapi-v6.*
dmapi-v6.0.0
dmapi-v6.0.1
dmapi-v6.0.2
dmapi-v6.0.3
dmapi-v6.0.5
dmapi-v6.1.0
dmapi-v6.2.0
dmapi-v6.3.0
dmapi-v6.3.1
dmapi-v6.4.0
dmapi-v6.4.1
dmapi-v6.4.2
dmapi-v6.4.3
dmapi-v6.4.4
dmapi-v6.4.5
tgstation-server-migrator-1.*
tgstation-server-migrator-1.0.0
tgstation-server-migrator-1.0.1
tgstation-server-v4.*
tgstation-server-v4.0.0.0
tgstation-server-v4.0.0.1
tgstation-server-v4.0.0.2
tgstation-server-v4.0.0.3
tgstation-server-v4.0.0.4
tgstation-server-v4.0.0.5
tgstation-server-v4.0.0.6
tgstation-server-v4.0.1.0
tgstation-server-v4.0.1.1
tgstation-server-v4.0.1.2
tgstation-server-v4.0.1.3
tgstation-server-v4.0.1.4
tgstation-server-v4.0.2.0
tgstation-server-v4.0.2.1
tgstation-server-v4.1.0
tgstation-server-v4.1.1
tgstation-server-v4.1.2
tgstation-server-v4.1.3
tgstation-server-v4.1.4
tgstation-server-v4.10.0
tgstation-server-v4.10.1
tgstation-server-v4.10.2
tgstation-server-v4.10.3
tgstation-server-v4.10.4
tgstation-server-v4.10.5
tgstation-server-v4.10.6
tgstation-server-v4.11.0
tgstation-server-v4.11.1
tgstation-server-v4.12.0
tgstation-server-v4.12.1
tgstation-server-v4.13.0
tgstation-server-v4.14.0
tgstation-server-v4.14.1
tgstation-server-v4.14.2
tgstation-server-v4.14.3
tgstation-server-v4.15.0
tgstation-server-v4.15.1
tgstation-server-v4.15.2
tgstation-server-v4.15.3
tgstation-server-v4.15.4
tgstation-server-v4.15.5
tgstation-server-v4.15.6
tgstation-server-v4.15.7
tgstation-server-v4.16.0
tgstation-server-v4.16.1
tgstation-server-v4.16.2
tgstation-server-v4.17.0
tgstation-server-v4.17.1
tgstation-server-v4.17.2
tgstation-server-v4.18.0
tgstation-server-v4.19.0
tgstation-server-v4.19.1
tgstation-server-v4.2.0
tgstation-server-v4.2.1
tgstation-server-v4.2.2
tgstation-server-v4.2.3
tgstation-server-v4.2.4
tgstation-server-v4.2.5
tgstation-server-v4.2.6
tgstation-server-v4.2.7
tgstation-server-v4.2.8
tgstation-server-v4.3.0
tgstation-server-v4.3.1
tgstation-server-v4.3.2
tgstation-server-v4.3.3
tgstation-server-v4.3.4
tgstation-server-v4.3.5
tgstation-server-v4.3.6
tgstation-server-v4.4.0
tgstation-server-v4.4.1
tgstation-server-v4.4.2
tgstation-server-v4.4.3
tgstation-server-v4.4.4
tgstation-server-v4.4.5
tgstation-server-v4.5.0
tgstation-server-v4.5.1
tgstation-server-v4.5.2
tgstation-server-v4.5.3
tgstation-server-v4.5.4
tgstation-server-v4.6.0
tgstation-server-v4.6.1
tgstation-server-v4.6.2
tgstation-server-v4.6.3
tgstation-server-v4.7.0
tgstation-server-v4.7.1
tgstation-server-v4.7.2
tgstation-server-v4.7.3
tgstation-server-v4.8.0
tgstation-server-v4.8.1
tgstation-server-v4.8.2
tgstation-server-v4.9.0
tgstation-server-v4.9.1
tgstation-server-v4.9.2
tgstation-server-v4.9.3
tgstation-server-v5.*
tgstation-server-v5.0.0
tgstation-server-v5.0.1
tgstation-server-v5.0.2
tgstation-server-v5.0.3
tgstation-server-v5.1.0
tgstation-server-v5.1.1
tgstation-server-v5.1.2
tgstation-server-v5.1.3
tgstation-server-v5.1.4
tgstation-server-v5.10.0
tgstation-server-v5.11.0
tgstation-server-v5.12.0
tgstation-server-v5.12.1
tgstation-server-v5.12.2
tgstation-server-v5.12.3
tgstation-server-v5.12.4
tgstation-server-v5.2.0
tgstation-server-v5.2.1
tgstation-server-v5.2.2
tgstation-server-v5.2.3
tgstation-server-v5.2.4
tgstation-server-v5.3.0
tgstation-server-v5.3.1
tgstation-server-v5.3.2
tgstation-server-v5.5.0
tgstation-server-v5.6.0
tgstation-server-v5.7.0
tgstation-server-v5.7.1
tgstation-server-v5.7.2
tgstation-server-v5.7.3
tgstation-server-v5.8.0
tgstation-server-v5.9.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34243.json"