Lucene search
MitreCVE-2023-33498HistoryJun 07, 2023 - 2:15 p.m.
CVE-2023-33498
2023-06-0714:15:09
CWE-434
mitre
web.nvd.nist.gov
22
cve-2023-33498
alist
vulnerability
incorrect access control
unauthorized file upload
nvd
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
30.3%
alist <=3.16.3 is vulnerable to Incorrect Access Control. Low privilege accounts can upload any file.
Affected configurations
Node
alist_projectalistRange<3.16.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| alist_project | alist | * | cpe:2.3:a:alist_project:alist:*:*:*:*:*:*:*:* |
References
Related
nvd
nvd
CVE-2023-33498
2023-06-07 14:15:09
osv
osv
CVE-2023-33498
2023-06-07 14:15:09
alist Incorrect Access Control vulnerability
2023-06-07 15:30:17
cvelist
cvelist
CVE-2023-33498
2023-06-07 00:00:00
veracode
veracode
Unrestricted Upload Of File
2023-06-20 04:46:02
prion
prion
Design/Logic Flaw
2023-06-07 14:15:00
github
github
alist Incorrect Access Control vulnerability
2023-06-07 15:30:17
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.7
Confidence
High
EPSS
0.001
Percentile
30.3%
Related for CVE-2023-33498