Login Sign Up

CVE-2023-31819

7.5 HIGH
Authentication Bypass

📋 TL;DR

This vulnerability in KEISEI STORE's LIVRE KEISEI software version 13.6.1 allows remote attackers to access sensitive information through improper handling of channel access tokens in the miniapp function. It affects organizations using this specific version of the LIVRE KEISEI platform for their operations.

💻 Affected Systems

Products:
  • KEISEI STORE Co, Ltd. LIVRE KEISEI
Versions: v.13.6.1
Operating Systems: Not specified, likely cross-platform
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the miniapp function's channel access token handling. Other versions may be affected but only 13.6.1 is confirmed.

📦 What is this software?

Livre by Keisei Store

View all CVEs affecting Livre →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of sensitive business data, customer information, and potential access to backend systems leading to data exfiltration or system takeover.

🟠

Likely Case

Unauthorized access to sensitive business information, customer data, and potentially financial records stored within the application.

🟢

If Mitigated

Limited exposure with proper network segmentation and access controls, but sensitive data remains at risk if the vulnerable component is accessible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The GitHub reference suggests detailed exploitation information is publicly available, making this easily exploitable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

Check with KEISEI STORE Co, Ltd. for security updates. Monitor their official channels for patch announcements.

🔧 Temporary Workarounds

Disable Miniapp Function

all

Temporarily disable the vulnerable miniapp function until a patch is available

Specific commands depend on platform configuration

Network Segmentation

all

Restrict network access to the LIVRE KEISEI application to trusted IPs only

firewall rules specific to your environment

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Monitor application logs for unauthorized access attempts to sensitive endpoints

🔍 How to Verify

Check if Vulnerable:

Check if running LIVRE KEISEI version 13.6.1 and if miniapp function is enabled

Check Version:

Application-specific command - check admin interface or configuration files

Verify Fix Applied:

Verify version has been updated beyond 13.6.1 or miniapp function has been properly secured

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to miniapp endpoints
  • Multiple failed then successful authentication attempts

Network Indicators:

  • Unusual outbound data transfers from the application server
  • Requests to sensitive endpoints from unexpected sources

SIEM Query:

Search for: 'source_ip accessing /miniapp/* endpoints' AND 'unusual data volume transfer'

📊 Metadata

CVE ID: CVE-2023-31819
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-311
Published: July 13, 2023
Last Updated: March 3, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-31819, you might also want to check these:

CVE-2023-6339 10.0

CVE-2023-6339 is a critical vulnerability in Google Nest WiFi Pro routers that allows remote attacke...

Same vulnerability type (CWE-311)
CVE-2025-69969 9.6

This critical vulnerability in Pebble Prism Ultra v2.9.2 allows attackers within Bluetooth range to ...

Same vulnerability type (CWE-311)
CVE-2021-27779 9.1

CVE-2021-27779 is a critical information disclosure vulnerability in HCL VersionVault Express that e...

Same vulnerability type (CWE-311)