CVE-2023-41892

2023-09-1320:15:08

CWE-94

GitHub_M

web.nvd.nist.gov

100

craft cms

digital experiences

cve-2023-41892

nvd

security

update

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

AI Score

9.2

Confidence

High

EPSS

0.895

Percentile

98.8%

JSON

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.

Affected configurations

Nvd

Vulners

Node

craftcmscraft_cmsRange4.4.0–4.4.15

VendorProductVersionCPE
craftcmscraft_cms*cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
craftcms	craft_cms	*	cpe:2.3:a:craftcms:craft_cms::::::::

CNA Affected

[
  {
    "vendor": "craftcms",
    "product": "cms",
    "versions": [
      {
        "version": ">= 4.0.0-RC1, <= 4.4.14",
        "status": "affected"
      }
    ]
  }
]