cbcvebase.
CVE-2023-4714
published 2023-09-01

CVE-2023-4714: A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The…

PriorityP355high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
5.21%
91.5th percentile
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected

1 ranges
VendorProductVersion rangeFixed in
playtubeplaytube

Detection & IOCsextracted from sources · hover to see the quote

yara
words: ["razorpay_options", "PlayTube", "key:"] (condition: and) with HTTP 200 response
  • Send a GET request to the root path of a PlayTube 3.0.1 instance; a vulnerable host will return HTTP 200 with a response body containing the strings 'razorpay_options', 'PlayTube', and 'key:' simultaneously — indicating a leaked Razorpay API key via the Redirect Handler component.
  • Extract the leaked Razorpay API key from the response body using the regex pattern 'key: "([a-z_A-Z0-9]+)"' — the captured group contains the plaintext API key disclosed by the vulnerable Redirect Handler.
  • ·The vendor was contacted early about this disclosure but did not respond; no official patch confirmation is available.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.