What is CVE-2023-32687?

CVE-2023-32687 is a high-severity vulnerability in Tgstation Tgstation-server, classified under Insufficiently Protected Credentials. CVSS score: 7.7/10. Published 2023-05-29.

How severe is CVE-2023-32687?

High severity. CVSS v3 base score is 7.7 out of 10.

Vulnerability in Tgstation Tgstation-server

CVE-2023-32687

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. Thi…

EPSS: 0.003 (55.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N.

Affected products

Tgstation Tgstation-server — versions >= 4.7.0, < 5.12.1

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

References

https://github.com/tgstation/tgstation-server/security/advisories/GHSA-rv76-495p-g7cp (x_refsource_CONFIRM)
https://github.com/tgstation/tgstation-server/pull/1487 (x_refsource_MISC)
https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-32687?: CVE-2023-32687 is a high-severity vulnerability in Tgstation Tgstation-server, classified under Insufficiently Protected Credentials. CVSS score: 7.7/10. Published 2023-05-29.
How severe is CVE-2023-32687?: High severity. CVSS v3 base score is 7.7 out of 10.