CVE-2023-33198 (GCVE-0-2023-33198)
Vulnerability from cvelistv5
Published
2023-05-30 04:37
Modified
2025-01-10 20:08
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE
  • CWE-941 - Incorrectly Specified Destination in a Communication Channel
Summary
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance's chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.
References
Impacted products
Vendor Product Version
tgstation tgstation-server Version: >= 4.0.0, < 5.12.2
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:39:35.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m"
          },
          {
            "name": "https://github.com/tgstation/tgstation-server/pull/1493",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tgstation/tgstation-server/pull/1493"
          },
          {
            "name": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-33198",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T20:08:22.883068Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-10T20:08:33.075Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tgstation-server",
          "vendor": "tgstation",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 5.12.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance\u0027s chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-941",
              "description": "CWE-941: Incorrectly Specified Destination in a Communication Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T04:37:13.928Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m"
        },
        {
          "name": "https://github.com/tgstation/tgstation-server/pull/1493",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tgstation/tgstation-server/pull/1493"
        },
        {
          "name": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2"
        }
      ],
      "source": {
        "advisory": "GHSA-p2xj-w57r-6f5m",
        "discovery": "UNKNOWN"
      },
      "title": "Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-33198",
    "datePublished": "2023-05-30T04:37:13.928Z",
    "dateReserved": "2023-05-17T22:25:50.700Z",
    "dateUpdated": "2025-01-10T20:08:33.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-33198\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-05-30T05:15:12.033\",\"lastModified\":\"2024-11-21T08:05:06.430\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance\u0027s chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-941\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tgstation13:tgstation-server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"5.12.2\",\"matchCriteriaId\":\"CE4AC7A1-7A9D-4546-A057-EDC58867C319\"}]}]}],\"references\":[{\"url\":\"https://github.com/tgstation/tgstation-server/pull/1493\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/tgstation/tgstation-server/pull/1493\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m\", \"name\": \"https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/tgstation/tgstation-server/pull/1493\", \"name\": \"https://github.com/tgstation/tgstation-server/pull/1493\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2\", \"name\": \"https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:39:35.660Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-33198\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-10T20:08:22.883068Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-10T20:08:27.448Z\"}}], \"cna\": {\"title\": \"Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API\", \"source\": {\"advisory\": \"GHSA-p2xj-w57r-6f5m\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"tgstation\", \"product\": \"tgstation-server\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.0.0, \u003c 5.12.2\"}]}], \"references\": [{\"url\": \"https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m\", \"name\": \"https://github.com/tgstation/tgstation-server/security/advisories/GHSA-p2xj-w57r-6f5m\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/tgstation/tgstation-server/pull/1493\", \"name\": \"https://github.com/tgstation/tgstation-server/pull/1493\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2\", \"name\": \"https://github.com/tgstation/tgstation-server/releases/tag/tgstation-server-v5.12.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance\u0027s chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-941\", \"description\": \"CWE-941: Incorrectly Specified Destination in a Communication Channel\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-05-30T04:37:13.928Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-33198\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-10T20:08:33.075Z\", \"dateReserved\": \"2023-05-17T22:25:50.700Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-05-30T04:37:13.928Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.