CVE-2023-31123

9.1 CRITICAL

📋 TL;DR

This vulnerability allows any user with a valid password to log in as any other user on affected tripreporter instances. It affects all users of self-hosted tripreporter instances before the patch, but users of subjective.report are not affected.

💻 Affected Systems

Products:
  • effectindex/tripreporter
Versions: All versions prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects self-hosted instances. Users of subjective.report are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete account takeover of all users, unauthorized access to all trip reports and personal data, potential data manipulation or deletion.

🟠 Likely Case: Unauthorized users accessing other accounts to view or modify trip reports, potential data leakage of sensitive trip information.

🟢 If Mitigated: Limited to authenticated users only, but still allows privilege escalation within the application.

🌐 Internet-Facing: HIGH - Any internet-facing instance is vulnerable to account takeover attacks from any authenticated user.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to insider threats or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a valid user account but allows logging in as any other user with any valid password.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit bd80ba833b9023d39ca22e29874296c8729dd53b or newer

Vendor Advisory: https://github.com/effectindex/tripreporter/security/advisories/GHSA-356r-rwp8-h6m6

Restart Required: Yes

Instructions:

1. Pull latest code from GitHub repository.
2. Apply commit bd80ba833b9023d39ca22e29874296c8729dd53b.
3. Restart the tripreporter service.

🔧 Temporary Workarounds

Manual patch application (platforms: all)

Apply the specific commit that fixes the password verification logic:

git cherry-pick bd80ba833b9023d39ca22e29874296c8729dd53b

🧯 If You Can't Patch

  • Disable user authentication and make the instance read-only if possible
  • Implement network-level access controls to limit who can access the application

🔍 How to Verify

Check if Vulnerable:

Check if your instance is running code from before commit bd80ba833b9023d39ca22e29874296c8729dd53b

Check Version:

git log --oneline -1

Verify Fix Applied:

Verify that the commit history of the deployed checkout includes bd80ba833b9023d39ca22e29874296c8729dd53b (that commit itself or a newer one built on it).

📡 Detection & Monitoring

Log Indicators:

  • Multiple successful logins from same IP to different accounts
  • Unusual account access patterns
  • Failed login attempts followed by successful logins to different accounts

Network Indicators:

  • Rapid authentication requests to different user accounts from same source

SIEM Query:

source="tripreporter" AND (event="login_success" OR event="authentication") | stats dc(user) AS distinct_users values(user) AS users by src_ip | where distinct_users > 1
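
The first log indicator above (successful logins from one source IP to several different accounts), written as an offline check. This is an added example, not code from tripreporter or from this advisory. The log line format and the field names `src_ip`, `user` and `event` are assumptions that mirror the SIEM query, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. The line format and field names are assumptions
# mirroring the SIEM query on this page, not tripreporter's real log schema.
SAMPLE_LOG = """\
2023-05-01T10:00:00 src_ip=203.0.113.7 user=alice event=login_success
2023-05-01T10:00:40 src_ip=203.0.113.7 user=bob event=login_failure
2023-05-01T10:01:05 src_ip=203.0.113.7 user=carol event=login_success
2023-05-01T10:02:10 src_ip=203.0.113.7 user=dave event=login_success
2023-05-01T10:03:00 src_ip=198.51.100.4 user=erin event=login_success
2023-05-01T18:30:00 src_ip=198.51.100.4 user=erin event=login_success
2023-05-01T11:00:00 src_ip=192.0.2.9 user=frank event=login_success
2023-05-02T11:00:00 src_ip=192.0.2.9 user=grace event=login_success
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def suspicious_sources(log_text, window=timedelta(minutes=10), min_users=2):
    """Return {src_ip: sorted users} for IPs with successful logins to at
    least `min_users` distinct accounts inside one sliding time window."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse(line)
            if rec.get("event") == "login_success":
                by_ip[rec["src_ip"]].append((rec["ts"], rec["user"]))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                hits.setdefault(ip, set()).update(users)
    return {ip: sorted(u) for ip, u in hits.items()}

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG))
```

Shared egress addresses (NAT gateways, proxies, VPN exits) legitimately carry logins for many accounts, so tune `window` and `min_users` or allow-list those sources before alerting on the result.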
