CVE-2023-29192

SilverwareGames.io users with access to the game upload panel are able to edit download links for games uploaded by other developers

CVSS 2.7 LOWEPSS 0.4%CWE-668

Vexday Risk Score

8Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 2.7EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Apr 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Affected products

mesosoi · silverwaregames-io-issue-tracker

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-m6h6-wph7-498f