CVE-2023-0744
published 2023-02-08

CVE-2023-0744: Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.

Priority: P2 · 64 · critical 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 6.37% (92.8th percentile)

Affected (3 ranges)

Vendor       Product            Version range             Fixed in
answer       answer             < 1.0.4                   1.0.4
answerdev    answerdev_answer   >= unspecified < 1.0.4    1.0.4
github.com   answerdev_answer   >= 0 < 1.0.4              1.0.4

Detection & IOCs (extracted from sources)

url: answer/api/v1/user/password/reset
url: users/password-reset?code=
version: answerdev/answer < 1.0.4
  • Monitor for unauthenticated POST requests to the password reset API endpoint `answer/api/v1/user/password/reset` — the exploit directly calls this endpoint with only an email address (`{"e_mail": email}`) to retrieve a valid password reset code, enabling account takeover without user interaction.
  • Alert on API responses from `answer/api/v1/user/password/reset` that return a reset code directly in the JSON `data` field to an unauthenticated caller — this is the improper access control condition being exploited.
  • Detect rapid or scripted sequences of POST to `answer/api/v1/user/password/reset` followed immediately by GET to `users/password-reset?code=` — this two-step pattern is the full account takeover flow.
  • The exploit disables TLS certificate verification (`verify=False`), meaning the attack may be conducted over HTTPS against self-signed or misconfigured certificates. TLS inspection or certificate pinning will not prevent exploitation.
  • Affected versions are strictly prior to 1.0.4; instances running 1.0.3 or earlier are vulnerable. Ensure version detection rules target this range.
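The two-step pattern and the version range from the bullets above, turned into detection logic as an added example (not code from the advisory or from the answerdev/answer project). It assumes a simplified access-log layout of `client_ip ISO-timestamp METHOD path status`, constructed sample lines, and a 10-second default window to distinguish a scripted flow from a user who waited for the e-mail link; `parse_log`, `find_takeover_sequences` and `is_affected_version` are names chosen here.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines (not real traffic). Layout assumed:
# client_ip ISO-timestamp METHOD path status
SAMPLE_LOG = """\
203.0.113.7 2023-02-08T10:00:01 POST /answer/api/v1/user/password/reset 200
203.0.113.7 2023-02-08T10:00:03 GET /users/password-reset?code=c0de1 200
198.51.100.9 2023-02-08T10:05:00 POST /answer/api/v1/user/password/reset 200
198.51.100.9 2023-02-08T10:40:00 GET /users/password-reset?code=c0de2 200
192.0.2.4 2023-02-08T11:00:00 GET /users/password-reset?code=c0de3 200
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<ts>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")
RESET_API = "/answer/api/v1/user/password/reset"   # reset API endpoint named in the IOCs
RESET_PAGE = "/users/password-reset?code="         # reset page named in the IOCs

def parse_log(text):
    """Parse the constructed log layout into event dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"ip": m["ip"], "ts": datetime.fromisoformat(m["ts"]),
                           "method": m["method"], "path": m["path"], "status": int(m["status"])})
    return events

def find_takeover_sequences(events, window=timedelta(seconds=10)):
    """Return (ip, post_ts, get_ts) for each POST to the reset API that the same
    client follows with a GET to the reset page within `window`. A human who
    waits for the e-mail link takes longer than a script that reads the code
    straight out of the API response, so a short window flags the scripted flow."""
    pending = defaultdict(list)   # ip -> timestamps of reset-API POSTs seen so far
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["method"] == "POST" and ev["path"] == RESET_API:
            pending[ev["ip"]].append(ev["ts"])
        elif ev["method"] == "GET" and ev["path"].startswith(RESET_PAGE):
            for post_ts in pending[ev["ip"]]:
                if timedelta(0) <= ev["ts"] - post_ts <= window:
                    hits.append((ev["ip"], post_ts, ev["ts"]))
                    break
    return hits

def is_affected_version(version, fixed=(1, 0, 4)):
    """True when an answerdev/answer version string is strictly below the fixed release 1.0.4."""
    parts = tuple(int(p) for p in version.lstrip("v").split("."))
    return parts < fixed
```

Only the first client in the sample trips the default window; the second pair is 35 minutes apart and the third client never issued the POST, so both are ignored.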

CVSS provenance

nvd   v3.1   9.8   CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd   v3.0   9.8   CRITICAL   CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H