{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-5916","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-11-02T05:39:07.124Z","datePublished":"2023-11-02T10:31:06.228Z","dateUpdated":"2025-02-27T20:36:06.793Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-11-02T10:31:06.228Z"},"title":"Lissy93 Dashy Configuration save access control","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"CWE-284 Improper Access Controls"}]}],"affected":[{"vendor":"Lissy93","product":"Dashy","versions":[{"version":"2.1.1","status":"affected"}],"modules":["Configuration Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability."},{"lang":"de","value":"Es wurde eine Schwachstelle in Lissy93 Dashy 2.1.1 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /config-manager/save der Komponente Configuration Handler. Mittels Manipulieren des Arguments config mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":4.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":4.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":4,"vectorString":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2023-11-02T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-11-02T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-11-02T06:45:38.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"zgbsm (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.244305","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.244305","tags":["signature","permissions-required"]},{"url":"https://github.com/Lissy93/dashy/issues/1336","tags":["issue-tracking"]},{"url":"https://treasure-blarney-085.notion.site/Dashy-0dca8a0ebbd84f78ae6d03528ff1538c?pvs=4","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:14:24.641Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.244305","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.244305","tags":["signature","permissions-required","x_transferred"]},{"url":"https://github.com/Lissy93/dashy/issues/1336","tags":["issue-tracking","x_transferred"]},{"url":"https://treasure-blarney-085.notion.site/Dashy-0dca8a0ebbd84f78ae6d03528ff1538c?pvs=4","tags":["exploit","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-27T20:31:57.257083Z","id":"CVE-2023-5916","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-27T20:36:06.793Z"}}]}}