CVE-2023-23128

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-23128
Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.

6.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/l00neyhacker/CVE-2023-23128 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:connectwise:connectwise:22.8.10013.8329:*:*:*:*:*:*:*
History

07 Nov 2023, 04:07

Type Values Removed Values Added
Summary ** DISPUTED **Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid. Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.

08 Feb 2023, 20:25

Type Values Removed Values Added
References (MISC) https://github.com/l00neyhacker/CVE-2023-23128 - (MISC) https://github.com/l00neyhacker/CVE-2023-23128 - Third Party Advisory
CPE cpe:2.3:a:connectwise:connectwise:22.8.10013.8329:*:*:*:*:*:*:*
First Time Connectwise
Connectwise connectwise
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.1
CWE NVD-CWE-Other

03 Feb 2023, 03:15

Type Values Removed Values Added
Summary ** DISPUTED ** Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid. ** DISPUTED **Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.

02 Feb 2023, 16:19

Type Values Removed Values Added
Summary Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). ** DISPUTED ** Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.

01 Feb 2023, 14:45

Type Values Removed Values Added
New CVE
Information

Published : 2023-02-01 14:15

Updated : 2024-04-11 01:18

NVD link : CVE-2023-23128

Mitre link : CVE-2023-23128

CVE.ORG link : CVE-2023-23128

JSON object : View

Products Affected

connectwise

  • connectwise
CWE
NVD-CWE-Other