Lucene search

[email protected]CVE-2023-4159

HistoryAug 04, 2023 - 6:15 p.m.

CVE-2023-4159

2023-08-0418:15:18

CWE-434

[email protected]

web.nvd.nist.gov

cve-2023-4159

unrestricted file upload

github

repository

omeka

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.

Affected configurations

NVD

Node

omekaomeka_sRange<4.0.3

CPENameOperatorVersion
omeka:omeka_someka omeka slt4.0.3

CPE	Name	Operator	Version
omeka:omeka_s	omeka omeka s	lt	4.0.3

CNA Affected

[
  {
    "vendor": "omeka",
    "product": "omeka/omeka-s",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "4.0.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/omeka/omeka-s/commit/2a7fb26452167c8a1d95f207ae5328c6b1b0fcf8

huntr.dev/bounties/e2e2365e-6a5f-4ca4-9ef1-297e3ed41f9c

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for CVE-2023-4159

cvelist1 prion1 huntr1 osv1 nvd1