Vulnerability Details CVE-2023-2848
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.7%
CVSS Severity
CVSS v3 Score 8.0
References
- https://github.com/movim/movim/commit/49e2012aecdf918bb1d16f278fa9ff42fad29a9d
- https://github.com/movim/movim/commit/96372082acd3e5d778a2522a60a1805bf2af31f6
- https://mov.im/node/pubsub.movim.eu/Movim/a2d05925-0427-4f3f-b777-d20571ddddff
- https://github.com/movim/movim/commit/49e2012aecdf918bb1d16f278fa9ff42fad29a9d
- https://github.com/movim/movim/commit/96372082acd3e5d778a2522a60a1805bf2af31f6
- https://mov.im/node/pubsub.movim.eu/Movim/a2d05925-0427-4f3f-b777-d20571ddddff
Products affected by CVE-2023-2848
-
cpe:2.3:a:movim:movim:0.1
-
cpe:2.3:a:movim:movim:0.10
-
cpe:2.3:a:movim:movim:0.11
-
cpe:2.3:a:movim:movim:0.12
-
cpe:2.3:a:movim:movim:0.12.1
-
cpe:2.3:a:movim:movim:0.13
-
cpe:2.3:a:movim:movim:0.14
-
cpe:2.3:a:movim:movim:0.14.1
-
cpe:2.3:a:movim:movim:0.14.2
-
cpe:2.3:a:movim:movim:0.15
-
cpe:2.3:a:movim:movim:0.16
-
cpe:2.3:a:movim:movim:0.16.1
-
cpe:2.3:a:movim:movim:0.17
-
cpe:2.3:a:movim:movim:0.17.1
-
cpe:2.3:a:movim:movim:0.18
-
cpe:2.3:a:movim:movim:0.19
-
cpe:2.3:a:movim:movim:0.2
-
cpe:2.3:a:movim:movim:0.20
-
cpe:2.3:a:movim:movim:0.21
-
cpe:2.3:a:movim:movim:0.21.1
-
cpe:2.3:a:movim:movim:0.3
-
cpe:2.3:a:movim:movim:0.4
-
cpe:2.3:a:movim:movim:0.4.1
-
cpe:2.3:a:movim:movim:0.5
-
cpe:2.3:a:movim:movim:0.6
-
cpe:2.3:a:movim:movim:0.6.1
-
cpe:2.3:a:movim:movim:0.7
-
cpe:2.3:a:movim:movim:0.7.1
-
cpe:2.3:a:movim:movim:0.7.2
-
cpe:2.3:a:movim:movim:0.8
-
cpe:2.3:a:movim:movim:0.8.1
-
cpe:2.3:a:movim:movim:0.9