{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T16:49:39.861","vulnerabilities":[{"cve":{"id":"CVE-2023-34243","sourceIdentifier":"security-advisories@github.com","published":"2023-06-08T22:15:09.437","lastModified":"2024-11-21T08:06:50.877","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found, a distinct response would be generated. This issue has been addressed in version 5.12.5. Users are advised to upgrade. Users unable to upgrade may be mitigated by rate-limiting API calls with software that sits in front of TGS in the HTTP pipeline such as fail2ban."},{"lang":"es","value":"TGstation es un conjunto de herramientas para gestionar servidores BYOND de producción. En las versiones afectadas, si un usuario de Windows estaba registrado en \"tgstation-server (TGS)\", un atacante podía descubrir su nombre de usuario forzando el endpoint de inicio de sesión con una contraseña no válida. Cuando se encontraba un inicio de sesión de Windows válido, se generaba una respuesta distinta. Este problema se ha solucionado en la versión 5.12.5. Se recomienda a los usuarios que la actualicen. Los usuarios que no puedan actualizar pueden mitigar el problema limitando la velocidad de las llamadas a la API con un software que se sitúe delante de TGS en el canal HTTP, como por ejemplo fail2ban. "}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-307"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:tgstation13:tgstation-server:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0.0","versionEndExcluding":"5.12.5","matchCriteriaId":"39BA735D-72FE-487B-88D4-7E6E2FBF1E39"}]}]}],"references":[{"url":"https://github.com/tgstation/tgstation-server/pull/1526","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/tgstation/tgstation-server/security/advisories/GHSA-w3jx-4x93-76ph","source":"security-advisories@github.com","tags":["Mitigation","Vendor Advisory"]},{"url":"https://github.com/tgstation/tgstation-server/pull/1526","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/tgstation/tgstation-server/security/advisories/GHSA-w3jx-4x93-76ph","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mitigation","Vendor Advisory"]}]}}]}