CVE-2023-4714
Published 2023-09-01
Priority: P3, 55, high; CVSS 3.1: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 5.21% (91.5th percentile)
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| playtube | playtube | — | — |
Detection & IOCs
yara
words: ["razorpay_options", "PlayTube", "key:"] (condition: and) with HTTP 200 response
- Send a GET request to the root path of a PlayTube 3.0.1 instance; a vulnerable host will return HTTP 200 with a response body containing the strings 'razorpay_options', 'PlayTube', and 'key:' simultaneously — indicating a leaked Razorpay API key via the Redirect Handler component.
- Extract the leaked Razorpay API key from the response body using the regex pattern 'key: "([a-z_A-Z0-9]+)"' — the captured group contains the plaintext API key disclosed by the vulnerable Redirect Handler.
- The vendor was contacted early about this disclosure but did not respond; no official patch confirmation is available.
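CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |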
No detection rules found.
Nuclei
PlayTube 3.0.1 - Information Disclosure
nuclei·CVSS 7.5
CVE-2023-4714 [HIGH] PlayTube 3.0.1 - Information Disclosure
Template:
```yaml
id: CVE-2023-4714

info:
  name: PlayTube 3.0.1 - Information Disclosure
  author: Farish
  severity: high
  description: |
    A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.
  remediation: |
    Apply the latest security patches and updates from the vendor to address this vulnerability.
  impact: |
    An attacker can exploit this vu
```
No writeups or analysis indexed.
Published: 2023-09-01