CVE-2023-48028

kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae	Broken Link
https://nitipoom-jar.github.io/CVE-2023-48028/	Exploit
https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48028
https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae	Broken Link
https://nitipoom-jar.github.io/CVE-2023-48028/	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:kodcloud:kodbox:1.46.01:*:*:*:*:*:*:*

History

29 Sep 2025, 14:16

Type	Values Removed	Values Added
References		() https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48028 -

Information

Published : 2023-11-18 00:15

Updated : 2025-09-29 14:16

NVD link : CVE-2023-48028

Mitre link : CVE-2023-48028

CVE.ORG link : CVE-2023-48028

JSON object : View

Products Affected

kodcloud

kodbox

CWE

CWE-307

Improper Restriction of Excessive Authentication Attempts

{"id": "CVE-2023-48028", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-18T00:15:07.233", "references": [{"url": "https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://nitipoom-jar.github.io/CVE-2023-48028/", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2023-48028", "source": "cve@mitre.org"}, {"url": "https://gist.github.com/bugplorer/9ae8ad7a9f2a3053ebd07a1b7b54deae", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://nitipoom-jar.github.io/CVE-2023-48028/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack."}, {"lang": "es", "value": "kodbox 1.46.01 tiene una falla de seguridad que permite la enumeraci\u00f3n de usuarios. Este problema est\u00e1 presente en la p\u00e1gina de inicio de sesi\u00f3n, donde un atacante puede identificar usuarios v\u00e1lidos bas\u00e1ndose en diferentes mensajes de respuesta, lo que potencialmente allana el camino para un ataque de fuerza bruta."}], "lastModified": "2025-09-29T14:16:42.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kodcloud:kodbox:1.46.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "740435BB-2686-421E-AB6E-90A4A1BFC9B9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}