CVE-2023-40182 LOW

CVE-2023-40182: silverware-io-issue-tracker server responds in a noticeably different amount of time depending if a given email address exists or not

Vendor Mesosoi
Product silverwaregames-io-issue-tracker
Weakness CWE-208
Published August 25, 2023
Last update September 30, 2024

CVSS base score

3.7/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7.

Key dates

02Disclosure timeline

August 25, 2023 CVE published
September 30, 2024 Record updated