CVE-2023-40179

MEDIUM

Silverware Games <1.3.6 - Info Disclosure

Title source: llm

Description

Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.

References (1)

[Third Party Advisory] https://github.com/mesosoi/silverwaregames-io-issue-tracker/security/advisories/GHSA-789j-chfj-58hr

Scores

CVSS v3 5.3

EPSS 0.0008

EPSS Percentile 24.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-204

Status published

Products (1)

silverwaregames/silverwaregames < 1.3.6

Published Aug 25, 2023

Tracked Since Feb 18, 2026