Lucene search

K
cve[email protected]CVE-2023-39448
HistorySep 05, 2023 - 9:15 a.m.

CVE-2023-39448

2023-09-0509:15:08
CWE-22
web.nvd.nist.gov
15
cve
2023
39448
path traversal
vulnerability
shirasagi
code execution
nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.3%

Path traversal vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to alter or create arbitrary files on the server, resulting in arbitrary code execution.

Affected configurations

Vulners
NVD
Node
shirasagi_projectshirasagiRange<1.18.0

CNA Affected

[
  {
    "vendor": "SHIRASAGI Project",
    "product": "SHIRASAGI",
    "versions": [
      {
        "version": "prior to v1.18.0 ",
        "status": "affected"
      }
    ]
  }
]

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.3%

Related for CVE-2023-39448