CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

CVE-2023-28109 – Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key
https://notcve.org/view.php?id=CVE-2023-28109
16 Mar 2023 — Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because the CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the `Origin` header in an HTTP request to `evil-play-with-docker.com`. The domain would be echoed in the response header, which successfully bypassed the CORS policy and retrieved basic user information. This issue has been fixed in commit ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a. There are no k... • https://github.com/play-with-docker/play-with-docker/commit/ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a • CWE-639: Authorization Bypass Through User-Controlled Key