CVE-2023-0744
Published: 2023-02-08
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
Priority: P2 (64), critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.37% (92.8th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| answer | answer | < 1.0.4 | 1.0.4 |
| answerdev | answerdev_answer | >= unspecified < 1.0.4 | 1.0.4 |
| github.com | answerdev_answer | >= 0 < 1.0.4 | 1.0.4 |
Detection & IOCs
- Monitor for unauthenticated POST requests to the password reset API endpoint `answer/api/v1/user/password/reset`. The exploit calls this endpoint directly with only an email address (`{"e_mail": email}`) to retrieve a valid password reset code, enabling account takeover without user interaction.
- Alert on API responses from `answer/api/v1/user/password/reset` that return a reset code directly in the JSON `data` field to an unauthenticated caller. This is the improper access control condition being exploited.
- Detect rapid or scripted sequences of POST to `answer/api/v1/user/password/reset` followed immediately by GET to `users/password-reset?code=`. This two-step pattern is the full account takeover flow.
- The exploit disables TLS certificate verification (`verify=False`), meaning the attack may be conducted over HTTPS against self-signed or misconfigured certificates. TLS inspection or certificate pinning will not prevent exploitation.
- Affected versions are strictly prior to 1.0.4; instances running 1.0.3 or earlier are vulnerable. Ensure version detection rules target this range.
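The POST-then-GET sequence from the third item above, written as a check over web access logs. This is an added example, not code from the advisory or the Answer project; the combined log format, the 10-second window and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Paths quoted in the detection notes above.
RESET_API = "answer/api/v1/user/password/reset"
RESET_PAGE = "users/password-reset?code="
# Assumption: a human needs longer than this to open the reset e-mail.
WINDOW = timedelta(seconds=10)

# Assumption: access logs in the common "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"]

def find_takeover_flows(lines, window=WINDOW):
    """Return (ip, post_time, get_time) for each POST-then-GET pair inside window."""
    last_post = {}  # client ip -> time of most recent reset POST
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path = rec
        if method == "POST" and path.rstrip("/").endswith(RESET_API):
            last_post[ip] = ts
        elif method == "GET" and RESET_PAGE in path and ip in last_post:
            if timedelta(0) <= ts - last_post[ip] <= window:
                hits.append((ip, last_post.pop(ip), ts))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [08/Feb/2023:10:00:01 +0000] "POST /answer/api/v1/user/password/reset HTTP/1.1" 200 98 "-" "python-requests/2.28"',
    '198.51.100.7 - - [08/Feb/2023:10:00:02 +0000] "GET /users/password-reset?code=REDACTED HTTP/1.1" 200 1532 "-" "python-requests/2.28"',
    '203.0.113.20 - - [08/Feb/2023:10:05:00 +0000] "POST /answer/api/v1/user/password/reset HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [08/Feb/2023:10:09:30 +0000] "GET /users/password-reset?code=REDACTED HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, t_post, t_get in find_takeover_flows(SAMPLE):
        print(f"{ip}: reset POST at {t_post}, code GET {(t_get - t_post).seconds}s later")
```

The second client in the sample follows the same two requests 270 seconds apart and is not flagged at the default window; widening `window` trades fewer misses for more matches on ordinary password resets.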
CVSS provenance
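| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |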
OSV
Answer contains Improper Access Control vulnerability in github.com/answerdev/answer
osv·2024-08-20
CVE-2023-0744 Answer contains Improper Access Control vulnerability in github.com/answerdev/answer
OSV
Answer contains Improper Access Control vulnerability
osv·2023-02-08
CVE-2023-0744 [CRITICAL] Answer contains Improper Access Control vulnerability
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
GHSA
Answer contains Improper Access Control vulnerability
ghsa·2023-02-08
CVE-2023-0744 [CRITICAL] CWE-284 Answer contains Improper Access Control vulnerability
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
No detection rules found.
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/171733/Answerdev-1.0.3-Account-Takeover.html
- https://github.com/answerdev/answer/commit/c1fa2b13f6b547b96da60b23350bbe2b29de542d
- https://huntr.dev/bounties/35a0e12f-1d54-4fc0-8779-6a4949b7c434
Published: 2023-02-08