MidnightBSD

Advisories for cbot

CVE-2023-2882

Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@usom.gov.tr 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 3.1 6.0

Products Affected

Vendor Product Version
cbot cbot_panel *
cbot cbot_core *

CVE-2023-2883

Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@usom.gov.tr 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

Products Affected

Vendor Product Version
cbot cbot_panel *
cbot cbot_core *

CVE-2023-2884

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@usom.gov.tr 6.4 MEDIUM CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L 1.6 4.7

Products Affected

Vendor Product Version
cbot cbot_panel *
cbot cbot_core *

CVE-2023-2885

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@usom.gov.tr 9.9 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L 3.9 5.3

Products Affected

Vendor Product Version
cbot cbot_panel *
cbot cbot_core *

CVE-2023-2886

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@usom.gov.tr 7.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L 2.8 4.7

Products Affected

Vendor Product Version
cbot cbot_panel *
cbot cbot_core *

CVE-2023-2887

Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cve@usom.gov.tr 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

Products Affected

Vendor Product Version
cbot cbot_panel *
cbot cbot_core *