CVE-2023-48028

critical

Description

kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.

References

https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48028

https://nitipoom-jar.github.io/CVE-2023-48028/

https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae

Details

Source: Mitre, NVD

Published: 2023-11-18

Updated: 2025-09-29

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00594