cvedb.io
CVE-2023-32687
HIGH · CVSS 7.7
EPSS exploitation probability: 0%
Published 2023-05-29T21:15:10.053 · Last modified 2026-06-17T05:59:23.493

Summary

tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety.

Affected products

tgstation13 — tgstation-server

Does this affect you?

Add your gear to cvedb and we'll alert you only when tgstation13 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.