CVE-2023-39053

7.5 HIGH

📋 TL;DR

CVE-2023-39053 is an information disclosure vulnerability in Hattoriya v13.6.1 that allows attackers to leak the channel access token. This enables unauthorized message sending through the compromised channel. Organizations using vulnerable Hattoriya versions are affected.

💻 Affected Systems

Products:
  • Hattoriya
Versions: v13.6.1
Operating Systems: All platforms running Hattoriya
Default Config Vulnerable: ⚠️ Yes
Notes: Specific to Hattoriya v13.6.1; earlier versions may also be affected but not confirmed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain the channel access token and send malicious messages to all channel members, potentially spreading malware or phishing links.

🟠 Likely Case

Unauthorized message injection leading to spam, misinformation, or social engineering attacks through the compromised channel.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, though token exposure remains a concern.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation details available in public GitHub repositories; token leakage enables straightforward message crafting.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v13.6.2 or later

Vendor Advisory: https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39053.md

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Update Hattoriya to v13.6.2 or later.
3. Restart the Hattoriya service.
4. Regenerate channel access tokens as a precaution.

🔧 Temporary Workarounds

Network Isolation

linux

Restrict network access to the Hattoriya instance to trusted IPs only.

iptables -A INPUT -p tcp --dport [Hattoriya_port] -s [trusted_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [Hattoriya_port] -j DROP

Token Rotation

all

Manually rotate channel access tokens to invalidate any potentially leaked tokens.

# Access Hattoriya admin panel and regenerate tokens

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure.
  • Monitor for unusual message sending patterns and token usage.

🔍 How to Verify

Check if Vulnerable:

Check Hattoriya version via admin interface or configuration files; if version is exactly v13.6.1, it is vulnerable.

Check Version:

grep -i version /path/to/hattoriya/config

Alternatively, check the version shown in the admin panel.

Verify Fix Applied:

Confirm version is v13.6.2 or later and test token access controls.

📡 Detection & Monitoring

Log Indicators:

  • Unusual token access patterns
  • Failed authentication attempts for channel tokens
  • Messages sent from unexpected sources

Network Indicators:

  • Unexpected outbound connections from Hattoriya server
  • Anomalous message traffic patterns

SIEM Query:

source="hattoriya" AND (event="token_access" OR event="message_sent") | stats count by src_ip
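
Where no SIEM is available, the same aggregation can be run over exported logs. The script below is an added example, not code from Hattoriya or the advisory: the `event` and `src_ip` field names come from the query above, while the key=value log layout, the sample lines and the expected-source set are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines; the key=value layout is an assumption, the
# event and src_ip field names are taken from the SIEM query above.
SAMPLE_LOG = """\
2023-08-01T10:00:01Z event=token_access src_ip=10.0.0.5
2023-08-01T10:00:02Z event=message_sent src_ip=10.0.0.5
2023-08-01T10:03:10Z event=token_access src_ip=203.0.113.7
2023-08-01T10:03:11Z event=message_sent src_ip=203.0.113.7
2023-08-01T10:03:12Z event=message_sent src_ip=203.0.113.7
2023-08-01T10:04:00Z event=login src_ip=10.0.0.9
malformed line without fields
"""

WATCHED_EVENTS = {"token_access", "message_sent"}
# Accepts both key=value and key="value" pairs.
FIELD_RE = re.compile(r'(\w+)="?([^"\s]+)"?')


def count_by_source(log_text):
    """Per-source counts of watched events (the query's `stats count by src_ip`)."""
    counts = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        event, src = fields.get("event"), fields.get("src_ip")
        # Lines without both fields, or with other events, are skipped.
        if event in WATCHED_EVENTS and src:
            counts[src][event] += 1
    return counts


def unexpected_sources(counts, expected_ips):
    """Sources outside the expected set that accessed a token or sent messages."""
    return {
        src: dict(events)
        for src, events in counts.items()
        if src not in expected_ips
    }


if __name__ == "__main__":
    counts = count_by_source(SAMPLE_LOG)
    for src, events in unexpected_sources(counts, {"10.0.0.5"}).items():
        print(f"review {src}: {events}")
```
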
