#VU57964 Security restrictions bypass in BTCPay Server
Published: November 5, 2021
Vulnerability identifier: #VU57964
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
BTCPay Server
Software vendor:
BTCPay
Description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an unspecified vulnerability that impacts owners of shared instances that share their internal Lightning nodes. No additional information was shared by the vendor at the time of writing.
Remediation
Install updates from the vendor's website.