CVSS 3.1 Score 5.3 of 10 (medium)


Published Dec 29, 2023
Updated: Jan 5, 2024
CWE ID 289


CVE-2023-51663 is a vulnerability in Hail, an open-source Python-based data analysis tool that works with genomic data. The vulnerability allows users to change their email addresses, which can then be used to create Hail Batch accounts and access resources in clusters they should not have access to. This can be exploited by creating accounts with email addresses from different domains and running jobs on Hail Batch clusters. While the attacker cannot access private data or impersonate other users, they can create Azure Tenants if they have Azure Active Directory Administrator access. The vulnerability affects various products associated with Hail. To remediate the issue, organizations using Hail should ensure that email address changes are properly validated and restrict access to Hail Batch accounts based on domain verification. The potential danger of this vulnerability lies in unauthorized access to resources and unauthorized use of computing resources, which could lead to financial loss or disruption of services for affected organizations.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-51663 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options