CVE-2023-5916 MEDIUM

CVE-2023-5916: Lissy93 Dashy Configuration save access control

Vendor Lissy93

Product Dashy

Weakness CWE-284

Published November 2, 2023

Last update February 27, 2025

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability.

Key dates

02Disclosure timeline

November 2, 2023 CVE published

February 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-5916

Related vulnerabilities

CVE-2023-5916: Lissy93 Dashy Configuration save access control

01Description

02Disclosure timeline

03References

04Related CVE