CVE-2023-3707: Authorization Bypass Through User-Controlled Key in Activitypub

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 70.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Oct 16

Description

The ActivityPub WordPress plugin before 1.0.0 does not ensure that the post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as a subscriber, to retrieve the content of arbitrary posts (such as drafts and private posts) via an IDOR vector. Password-protected posts are not affected by this issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages: 1 package

Vulnerability Details

6
GHSA: GHSA-2cc2-mcjj-r4mp: The ActivityPub WordPress plugin before 1 (2023-10-16)
CVEList: ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure (2023-10-16)
OSV: linux-oracle, linux-oracle-5.4 vulnerabilities (2023-05-30)
OSV: linux-raspi, linux-raspi-5.4 vulnerabilities (2023-05-25)
OSV: linux, linux-aws, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-kvm vulnerabilities (2023-05-22)
CVE-2023-3707 — Automattic Activitypub vulnerability | cvebase