How severe is CVE-2023-36817?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2023-36817?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2023-36817 - CRITICAL Severity | CVSS 9.1

Vulnerability Description

`tktchurch/website` contains the codebase for The King's Temple Church website. In version 0.1.0, a Stripe API key was found in the public code repository of the church's project. This sensitive information was unintentionally committed and subsequently exposed in the codebase. If an unauthorized party gains access to this key, they could potentially carry out transactions on behalf of the organization, leading to financial losses. Additionally, they could access sensitive customer information, leading to privacy violations and potential legal implications. The affected component is the codebase of our project, specifically the file(s) where the Stripe API key is embedded. The key should have been stored securely, and not committed to the codebase. The maintainers plan to revoke the leaked Stripe API key immediately, generate a new one, and not commit the key to the codebase.

Related Vulnerabilities

CVE-2010-2783

CRITICAL

CVSS:9.1(Critical)

IcedTea6 before 1.7.4 allow unsigned apps to read and write arbitrary files, related to Extended JNLP Services.

CWE-2002010

CVE-2015-2254

CRITICAL

CVSS:9.1(Critical)

Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to capture and change patch loading information resulting in the deletion of directory files and compro...

CWE-2002015

CVE-2015-5041

CRITICAL

CVSS:9.1(Critical)

The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject d...

CWE-2002015

CVE-2016-0903

CRITICAL

CVSS:9.1(Critical)

Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 rely on client-side authentication, which allows remote attackers to spoof clients and read backup data v...

CWE-2002016

CVE-2016-3312

CRITICAL

CVSS:9.1(Critical)

ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Infor...

CWE-2002016

CVE-2017-0879

CRITICAL

CVSS:9.1(Critical)

An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-65025028.

CWE-2002017