CVE-2023-50713

CVSS 3.1 Score 5.0 of 10 (medium)

Details

Published Dec 14, 2023
Updated: Dec 28, 2023
CWE ID 1220

Summary

CVE-2023-50713 is a vulnerability that affects Speckle Server versions prior to 2.17.6. This vulnerability can be exploited by malicious actors who have authorized an application with a 'token write' scope or created a Personal Access Token (PAT) with the same scope. The issue arises because Speckle Server fails to verify that the privileges granted to the new token are not excessive compared to the requesting token. Consequently, an attacker with a token having only token write scope can generate additional tokens with higher privileges, limited to the existing user's privileges. This vulnerability does not allow for privilege escalation or granting additional privileges beyond what the user already possesses. The affected products include various versions of Speckle Server and its utilities. To remediate this issue, users should update their Speckle Server installations to version 2.17.6 or later to mitigate potential risks associated with this vulnerability.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-50713 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options