PatchSiren

CBOT CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL CBOT CVE published 2023-05-25

CVE-2023-2887

CVE-2023-2887 is a critical authentication bypass vulnerability in CBOT Chatbot. According to the CVE record, affected deployments include Chatbot Core versions before 4.0.3.4 and Panel versions before 4.0.3.7. The published CVSS v3.1 score is 9.8 (vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a network-reachable issue with no privileges or user interaction required and high impact if exploited.

MEDIUM CBOT CVE published 2023-05-25

CVE-2023-2886

CVE-2023-2886 is a medium-severity vulnerability in Cbot Chatbot involving missing Origin validation in WebSockets. According to the CVE record, the issue can allow content spoofing through application API manipulation. The affected versions listed in the source are Cbot Core before 4.0.3.4 and Cbot Panel before 4.0.3.7. The CVE was published on 2023-05-25, and NVD later marked the record modified on 2024-11-21.

HIGH CBOT CVE published 2023-05-25

CVE-2023-2885

CVE-2023-2885 is a high-severity vulnerability in Cbot Chatbot involving improper enforcement of message integrity during transmission in a communication channel. In practical terms, this creates an adversary-in-the-middle risk for affected deployments. According to the NVD record, the issue affects Chatbot Core versions before 4.0.3.4 and Panel versions before 4.0.3.7.

CRITICAL CBOT CVE published 2023-05-25

CVE-2023-2884

CVE-2023-2884 is a critical weakness in CBOT Chatbot where cryptographically weak pseudo-random values can enable signature spoofing by key recreation. According to the NVD record, the issue affects CBOT Chatbot Core versions before v4.0.3.4 and Panel versions before v4.0.3.7. The published CVSS vector indicates a network-reachable, unauthenticated attack with high impact to confidentiality, integrity, an [truncated]

HIGH CBOT CVE published 2023-05-25

CVE-2023-2883

CVE-2023-2883 is a high-severity authorization bypass issue in CBOT Chatbot. The vulnerability is described as an authorization bypass through a user-controlled key and is associated with authentication abuse and authentication bypass. According to the CVE data, affected versions are CBOT Chatbot Core before v4.0.3.4 and Panel before v4.0.3.7. The official severity rating is CVSS 8.8 (HIGH), with network- [truncated]