Main Vulnerability Database Vulnerabilities #VU57964

Security restrictions bypass in BTCPay Server - #VU57964

Published: November 5, 2021

Vulnerability identifier: #VU57964

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: BTCPay

Affected software:
BTCPay Server

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to unspecified vulnerability that impacts owner of shared instances which share their internal lightning nodes. No additional information was shared by the vendor at the time of writing.

Remediation

Install updates from vendor's website.

Sources

https://github.com/btcpayserver/btcpayserver/releases/tag/v1.3.2

Security restrictions bypass in BTCPay Server - #VU57964

Detailed vulnerability description

Remediation

Sources

Please verify you're human