Home > Vulnerability Database > CVE-2023-33198

Mend.io Vulnerability Database

CVE-2023-33198

Good to know:

Date: May 29, 2023

tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.

Language: C#

Severity Score

6.1

Related Resources (5)

Url: https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m

Url: https://github.com/tgstation/tgstation-server/pull/1493

Url: https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-33198

Url: https://www.mend.io/vulnerability-database/CVE-2023-33198

Severity Score

6.1

Weakness Type (CWE)

Incorrectly Specified Destination in a Communication Channel

CWE-941

Top Fix

Upgrade Version

Upgrade to version tgstation-server-v5.12.2,dmapi-v6.4.4

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-33198

Good to know:

Date: May 29, 2023

Language: C#

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?