CVE-2023-51663

CVSS v3 Score
5.3
Medium

Vulnerability Description

Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on the email address carried in an OpenID Connect (OIDC) ID token to verify that a user belongs to an organization's domain. The `email` claim, however, reflects a profile attribute that the account holder can change; it is not an assertion by the identity provider about which organization administers the account. Because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, an attacker could create a Microsoft or Google account and then change its email address to one at `example.org`. That account could then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but would be able to run jobs if Hail Batch billing projects are enabled and to create Azure Tenants if they have Azure Active Directory Administrator access.
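To make the failure mode concrete, the following is an added example and not code from the Hail project: the email-suffix check described above, beside a check that authorizes on claims the identity provider itself asserts about an account's home organization (Google's `hd` hosted-domain claim together with `email_verified`, and Azure AD's `tid` tenant claim pinned to the organization's tenant). The tenant IDs, subject IDs and claim sets are constructed for the example, and the code assumes the token's signature, audience and expiry have already been validated by an OIDC library; only claim handling is shown.

```python
"""Added example (not Hail's code): the e-mail-suffix domain check behind
CVE-2023-51663 next to a check pinned to the account's home organization.
Assumes the ID token's signature, audience and expiry were already validated
by an OIDC library; only claim handling is shown."""

ORG_DOMAIN = "example.org"
GOOGLE_ISS = "https://accounts.google.com"
# Constructed tenant IDs: the organization's Azure AD tenant and the tenant
# an unrelated (consumer or foreign) account comes from.
ORG_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"
# Azure AD v2.0 issuer URLs embed the tenant ID of the account's home tenant.
AZURE_ISS = "https://login.microsoftonline.com/{}/v2.0"


def email_domain(claims: dict) -> str:
    """Lower-cased text after the last '@' of the `email` claim ('' if absent)."""
    email = claims.get("email") or ""
    return email.rpartition("@")[2].lower()


def domain_allowed_weak(claims: dict) -> bool:
    """Vulnerable pattern: `email` is an account attribute its owner can edit,
    so matching its suffix proves nothing about who administers the account."""
    return email_domain(claims) == ORG_DOMAIN


def domain_allowed_hardened(claims: dict) -> bool:
    """Authorize on issuer-asserted organization claims, never on `email`."""
    iss = claims.get("iss")
    if iss == GOOGLE_ISS:
        # Only Google Workspace / Cloud Identity accounts carry `hd`; a consumer
        # account has no `hd` no matter what its `email` was changed to.
        return (claims.get("email_verified") is True
                and (claims.get("hd") or "").lower() == ORG_DOMAIN)
    if iss == AZURE_ISS.format(ORG_TENANT):
        # Azure AD: `tid` is the user's home tenant; require the org's tenant and
        # refuse tokens issued for any other tenant even if `email` looks right.
        return claims.get("tid") == ORG_TENANT
    # Unknown or foreign issuer: fail closed rather than fall back to `email`.
    return False


# Constructed claim sets, not captured tokens.
WORKSPACE_USER = {"iss": GOOGLE_ISS, "sub": "100000000000000000001",
                  "email": "analyst@example.org", "email_verified": True,
                  "hd": "example.org"}
# Consumer Google account whose contact e-mail was changed; it has no `hd`,
# so the hardened check fails whatever `email_verified` says.
GOOGLE_ATTACKER = {"iss": GOOGLE_ISS, "sub": "100000000000000000002",
                   "email": "intruder@example.org", "email_verified": False}
ORG_AAD_USER = {"iss": AZURE_ISS.format(ORG_TENANT), "tid": ORG_TENANT,
                "oid": "aaaaaaaa-0000-0000-0000-000000000001",
                "email": "analyst@example.org"}
FOREIGN_AAD_USER = {"iss": AZURE_ISS.format(OTHER_TENANT), "tid": OTHER_TENANT,
                    "oid": "bbbbbbbb-0000-0000-0000-000000000002",
                    "email": "intruder@example.org"}


def compare(claims: dict) -> tuple:
    """(weak verdict, hardened verdict) for one claim set."""
    return domain_allowed_weak(claims), domain_allowed_hardened(claims)


if __name__ == "__main__":
    for name, claims in [("workspace user", WORKSPACE_USER),
                         ("renamed Google account", GOOGLE_ATTACKER),
                         ("org tenant user", ORG_AAD_USER),
                         ("foreign tenant user", FOREIGN_AAD_USER)]:
        weak, hard = compare(claims)
        print(f"{name:24} weak={weak!s:5} hardened={hard}")
```

Both attacker claim sets pass the suffix check and fail the hardened one; both legitimate users pass both. The hardened check also fails closed for an issuer it does not recognize instead of falling back to the email string, which is the behaviour a practitioner should expect from any domain-membership gate.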

CVSS: 6.8 (Medium)

Avantra Server 24.x before 24.0.7 and 24.1.x before 24.1.1 mishandles the security of dashboards, aka XAN-5367. If a user can create a dashboard with an auto-login user, data disclosure may occur. Acc...

CVSS: 9.8 (Critical)

A vulnerability in the TACACS+ authentication, authorization and accounting (AAA) feature of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to byp...

CVSS: 9.8 (Critical)

Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17.

CVSS: 9.8 (Critical)

DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause th...

CVSS: 9.6 (Critical)

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

CVSS: 8.8 (High)

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this v...