CVE-2023-32687

HIGH

Tgstation13 Tgstation-server - Insufficiently Protected Credentials

Title source: rule

Description

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety.

References (3)

Scores

CVSS v3 7.7
EPSS 0.0020
EPSS Percentile 41.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Classification

CWE
CWE-522
Status published

Affected Products (1)

tgstation13/tgstation-server < 5.12.1

Timeline

Published May 29, 2023
Tracked Since Feb 18, 2026