How severe is CVE-2023-41338?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-41338?

This is classified as CWE-670, which is a common weakness in software security.

CVE-2023-41338 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version.

Related Vulnerabilities

CVE-2020-35477

MEDIUM

CVSS:5.3(Medium)

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggle...

CWE-6702020

CVE-2020-5753

MEDIUM

CVSS:5.3(Medium)

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling...

CWE-6702020

CVE-2021-0273

MEDIUM

CVSS:5.3(Medium)

An always-incorrect control flow implementation in the implicit filter terms of Juniper Networks Junos OS and Junos OS Evolved on ACX5800, EX9200 Series, MX10000 Series, MX240, MX480, MX960 devices wi...

CWE-6702021

CVE-2021-43819

MEDIUM

CVSS:5.3(Medium)

Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when ...

CWE-6702021

CVE-2021-43979

MEDIUM

CVSS:5.3(Medium)

Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes ...

CWE-6702021

CVE-2021-45852

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.

CWE-6702021