CRITICAL🇵🇱 Wersja polska

CVE-2023-47435

CVSS 9.8v3.1pub. 2024-04-19upd. 2026-04-15

An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass authentication and access password protected pages.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-294 (Authentication Bypass by Capture-replay) indicates that the password verification mechanism in the verifyPassword function is susceptible to bypassing the authentication process. An attacker can gain access to pages that should be protected without knowing the correct password. The vulnerability is accessible remotely, without authentication and without user interaction on the victim's side.

Impact

An attacker gains unauthorized access to password-protected content on websites using the vulnerable theme, which may lead to disclosure of sensitive information, and depending on the site configuration, may also result in violation of data integrity and availability.

Mitigation & patch

Patches available from the vendor should be applied according to the references. It is recommended to monitor the official project repository on GitHub (blinkfox/hexo-theme-matery) for current information about the fix. Until the patch is implemented, it is advisable to remove password protection from sensitive pages or restrict access to them at the web server or firewall level.

Who is affected

hexo-theme-matery version 2.0.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References