Butterfly Button Plugin Website Integration information disclosure
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.2 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, was found in Butterfly Button Plugin. This affects an unknown part of the component Website Integration. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2023-24499. The physical device can be targeted for the attack. Additionally, an exploit exists. This product is provided as a managed service, meaning users do not have the ability to maintain vulnerability countermeasures themselves. You should upgrade the affected component.
Details
A vulnerability was found in Butterfly Button Plugin (affected version not known). It has been declared as problematic. This vulnerability affects some unknown functionality of the component Website Integration. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. As an impact it is known to affect confidentiality. CVE summarizes:
Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use.
The weakness was released 02/15/2023 by Erez Kalman via CERT. The advisory is available at gov.il. This vulnerability was named CVE-2023-24499 since 01/24/2023. Technical details are unknown but a private exploit is available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.
It is declared as proof-of-concept.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-28517). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Name
Managed Service
- yes
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.3VulDB Meta Temp Score: 4.2
VulDB Base Score: 2.1
VulDB Temp Score: 1.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 4.6
NVD Vector: 🔍
CNA Base Score: 4.3
CNA Vector (Israel National Cyber Directorate): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
CAPEC: 🔍
ATT&CK: 🔍
Physical: Yes
Local: Yes
Remote: No
Availability: 🔍
Access: Private
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Status: 🔍0-Day Time: 🔍
Timeline
01/24/2023 🔍02/15/2023 🔍
02/15/2023 🔍
10/21/2025 🔍
Sources
Advisory: gov.ilResearcher: Erez Kalman
Status: Confirmed
CVE: CVE-2023-24499 (🔍)
GCVE (CVE): GCVE-0-2023-24499
GCVE (VulDB): GCVE-100-221146
EUVD: 🔍
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 02/15/2023 22:26Updated: 10/21/2025 07:59
Changes: 02/15/2023 22:26 (45), 03/16/2023 09:41 (11), 06/28/2023 08:20 (21), 10/21/2025 07:59 (25)
Complete: 🔍
Committer: Anonymous User
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.