Description
The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.
Extended Description
This creates a race condition that allows an attacker to access the channel before the authorized user does.
CVE vulnerabilities with CWE-421 (8)
7.5
CVSS
HIGH
CVE-2023-32256
pub. 2025-08-01
7.5
CVSS
HIGH
CVE-2023-34438
pub. 2023-08-11
6.5
CVSS
MEDIUM
CVE-2023-43687
pub. 2025-08-14
6.5
CVSS
MEDIUM
CVE-2023-22310
pub. 2023-11-14
6.5
CVSS
MEDIUM
CVE-2023-22276
pub. 2023-08-11
4.6
CVSS
MEDIUM
CVE-2023-34349
pub. 2023-08-11
4.3
CVSS
MEDIUM
CVE-2023-40536
pub. 2024-05-16
1.8
CVSS
LOW
CVE-2023-41090
pub. 2024-02-14