Vulnerability Description
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Savignano | S-Notify | < 2.0.1 |
Related Weaknesses (CWE)
References
- https://help.savignano.net/snotify-email-encryption/sa-2023-11-28Vendor Advisory
- https://help.savignano.net/snotify-email-encryption/sa-2023-11-28Vendor Advisory
FAQ
What is CVE-2023-50931?
CVE-2023-50931 is a vulnerability with a CVSS score of 8.3 (HIGH). An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injec...
How severe is CVE-2023-50931?
CVE-2023-50931 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-50931?
Check the references section above for vendor advisories and patch information. Affected products include: Savignano S-Notify.