CVE-2023-49801

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49801
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49801.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49801
Related
  • GHSA-3v77-pvqq-qg3f
Published
2024-01-12T21:15:09Z
Modified
2025-01-15T05:02:01.107457Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue affects the get_pfp and get_banner routes on Auth Server: there is no check to ensure that the file Auth Server receives through these URLs is correct. This could allow an attacker to access files they should not have access to. The issue has been patched in version 1.4.0.

References

Affected packages

Git / github.com/lif-platforms/lif-auth-server

Affected ranges

Type
GIT
Repo
https://github.com/lif-platforms/lif-auth-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

1.*

1.2.0
1.2.1
1.3.0
1.3.1
1.3.2