CVE-2023-50713

Summary

CVE-2023-50713 is a vulnerability that affects Speckle Server versions prior to 2.17.6. This vulnerability can be exploited by malicious actors who have authorized an application with a 'token write' scope or created a Personal Access Token (PAT) with the same scope. The issue arises because Speckle Server fails to verify that the privileges granted to the new token are not excessive compared to the requesting token. Consequently, an attacker with a token having only token write scope can generate additional tokens with higher privileges, limited to the existing user's privileges. This vulnerability does not allow for privilege escalation or granting additional privileges beyond what the user already possesses. The affected products include various versions of Speckle Server and its utilities. To remediate this issue, users should update their Speckle Server installations to version 2.17.6 or later to mitigate potential risks associated with this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.