CVE-2023-28441
Published Mar 24, 2023
Last updated 2 years ago
Overview
- Description
- smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
Weaknesses
- security-advisories@github.com
- CWE-532
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:invernyx:smartcars_3:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F5C51C7-A439-4503-813F-C1AF984BCD8B",
"versionEndExcluding": "0.5.9"
}
],
"operator": "OR"
}
]
}
]