Vulnerability Description
`tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the project's codebase, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase.
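A check that would catch this class of mistake before a commit lands, shown as an added example rather than code from the `tktchurch/website` repository: it flags Stripe secret (`sk_`) and restricted (`rk_`) keys in file contents, ignores publishable `pk_` keys, and redacts what it reports. The file paths, sample strings and the 16-character minimum are assumptions made for the illustration.

```python
import re
import sys

# Stripe secret (sk_) and restricted (rk_) keys. Publishable pk_ keys are meant
# to ship to browsers and are deliberately not matched. The 16-character
# minimum is an assumption chosen to skip short placeholders.
STRIPE_SECRET_RE = re.compile(r"\b(?:sk|rk)_(?:live|test)_[0-9A-Za-z]{16,}")


def redact(key):
    """Keep the type/mode prefix and hide the rest so findings are safe to log."""
    return key[: key.index("_", 3) + 1] + "*" * 8


def scan_text(path, text):
    """Return (path, line_number, redacted_key, is_live) for every hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in STRIPE_SECRET_RE.finditer(line):
            key = match.group(0)
            findings.append((path, lineno, redact(key), "_live_" in key))
    return findings


def scan_files(files):
    """files maps path -> content, e.g. the staged blobs in a pre-commit hook."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


# Constructed sample inputs: hypothetical paths, fabricated key-like strings.
FAKE_SECRET = "sk_live_" + "A1b2C3d4" * 3
SAMPLE_FILES = {
    "config/payments.js": 'const stripe = require("stripe")("' + FAKE_SECRET + '");\n',
    "public/checkout.js": 'Stripe("pk_live_' + "Z9y8X7w6" * 3 + '");\n',
    "server/billing.js": "const key = process.env.STRIPE_SECRET_KEY;\n",
}

if __name__ == "__main__":
    hits = scan_files(SAMPLE_FILES)
    for path, lineno, shown, is_live in hits:
        mode = "LIVE" if is_live else "test"
        print(f"{path}:{lineno}: Stripe {mode} key {shown} - revoke and rotate")
    sys.exit(1 if hits else 0)
```

A hit on a key that was already pushed calls for revoking and regenerating it, as the maintainers describe, because deleting the line in a later commit leaves the key readable in the repository history.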
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kingstemple | The King's Temple Church Website | 0.1.0 |
Related Weaknesses (CWE)
References
- https://github.com/tktchurch/website/security/advisories/GHSA-x3m6-5hmf-5x3w (Mitigation, Third Party Advisory)
FAQ
What is CVE-2023-36817?
CVE-2023-36817 is a vulnerability with a CVSS score of 7.5 (HIGH). `tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive infor...
How severe is CVE-2023-36817?
CVE-2023-36817 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-36817?
Check the references section above for vendor advisories and patch information. Affected products include: Kingstemple The King's Temple Church Website.