CVE-2023-28394

2023-05-2302:15:10

CWE-78

[email protected]

web.nvd.nist.gov

beekeeper studio

cve-2023-28394

remote attack

javascript

os command vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.5%

JSON

Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.

Affected configurations

Vulners

NVD

Node

beekeeper_studio\,_inc.beekeeper_studioRange<3.9.9

CPENameOperatorVersion
beekeeperstudio:beekeeper-studiobeekeeperstudio beekeeper-studiolt3.9.9

CPE	Name	Operator	Version
beekeeperstudio:beekeeper-studio	beekeeperstudio beekeeper-studio	lt	3.9.9

CNA Affected

[
  {
    "vendor": "Beekeeper Studio, Inc.",
    "product": "Beekeeper Studio",
    "versions": [
      {
        "version": "versions prior to 3.9.9",
        "status": "affected"
      }
    ]
  }
]