CVE-2023-50932

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 9, 2024
Updated: Jan 17, 2024
CWE ID 352

Summary

CVE-2023-50932 is a cross-site request forgery (CSRF) vulnerability in savignano S/Notify for Confluence before version 4.0.2. An attacker can modify the S/Notify configuration settings through a CSRF attack while an administrative user is logged on. The attack can be triggered when the administrator clicks a malicious link in an email or visits a malicious website. If it succeeds, the S/Notify app's configuration is modified, which can lead to email notifications being sent unencrypted when they should be encrypted. The base severity is rated HIGH, with a base score of 7.1 out of 10, which poses a significant risk to organizations using the affected software. Remediation is to update savignano S/Notify to version 4.0.2 or later.
