CVE-2023-50931
CVSS 3.1 Score 7.1 of 10 (high)
Details
Published Jan 9, 2024
Updated: Jan 17, 2024
CWE ID 352
Summary
CVE-2023-50931 is a vulnerability affecting the savignano S/Notify version prior to 2.0.1 used with Bitbucket. An administrative user, upon clicking a malicious link in an email or visiting a malicious website, can be subjected to a Cross-Site Request Forgery (CSRF) attack. An attacker, if successful, can manipulate the configuration settings of the S/Notify app on the affected Bitbucket host. Consequences of this vulnerability can include the disabling of email notifications encryption, posing a significant security risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share