What is the severity of CVE-2023-49801?

CVE-2023-49801 is classified as a high-severity vulnerability due to the lack of proper checks on file uploads.

How do I fix CVE-2023-49801?

To fix CVE-2023-49801, ensure that proper validation and sanitation checks are implemented for files received through the `get_pfp` and `get_banner` routes.

What are the affected versions for CVE-2023-49801?

CVE-2023-49801 affects versions of Lif Authentication Server up to but not including 1.4.0.

What functionality is compromised by CVE-2023-49801?

CVE-2023-49801 compromises the user profile picture and banner functionality through insecure file handling.

Is authentication affected by CVE-2023-49801?

CVE-2023-49801 primarily impacts file management for account features and does not directly affect authentication mechanisms.

Vulnerability/
CVE-2023-49801

high

7.5

CWE

22 23

12/1/2024

14/11/2024

CVE-2023-49801: Lif Auth Server vulnerable to uncontrolled data in path expression

First published: Fri Jan 12 2024(Updated: )

Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Lifplatforms Lif Authentication Server	<1.4.0

Remedy

https://github.com/Lif-Platforms/Lif-Auth-Server/commit/c235bcc2ee65e4a0dfb10284cf2cbc750213efeb

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-49801?
CVE-2023-49801 is classified as a high-severity vulnerability due to the lack of proper checks on file uploads.
How do I fix CVE-2023-49801?
To fix CVE-2023-49801, ensure that proper validation and sanitation checks are implemented for files received through the `get_pfp` and `get_banner` routes.
What are the affected versions for CVE-2023-49801?
CVE-2023-49801 affects versions of Lif Authentication Server up to but not including 1.4.0.
What functionality is compromised by CVE-2023-49801?
CVE-2023-49801 compromises the user profile picture and banner functionality through insecure file handling.
Is authentication affected by CVE-2023-49801?
CVE-2023-49801 primarily impacts file management for account features and does not directly affect authentication mechanisms.

agent/references
agent/author
agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/remedy
agent/severity
agent/description
agent/event
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/lifplatforms
canonical/lifplatforms lif authentication server

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.