CVE-2023-28900 Information

Description

The Skoda Automotive cloud contains a Broken Access Control vulnerability allowing to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN number.

Reference

https://asrg.io/security-advisories/cve-2023-28900