Client Secret Leakage in Kaibutsunosato v13.6.1: Exploiting Channel Access Token for Unauthorized Broadcast Messages

CVE-2023-39731 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

Learn more about our Web Application Penetration Testing UK.