Lucene search
MitreCVE-2023-42222HistorySep 28, 2023 - 3:15 a.m.
CVE-2023-42222
2023-09-2803:15:11
mitre
web.nvd.nist.gov
37
webcatalog
cve-2023-42222
incorrect access control
electron shell.openexternal
url validation
security vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
29.4%
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Affected configurations
Node
webcatalogwebcatalogRange<49.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| webcatalog | webcatalog | * | cpe:2.3:a:webcatalog:webcatalog:*:*:*:*:*:*:*:* |
Related
zdt
zdt
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution Vulnerability
2024-02-05 00:00:00
packetstorm
packetstorm
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution
2024-02-02 00:00:00
exploitdb
exploitdb
WebCatalog 48.4 - Arbitrary Protocol Execution
2024-02-02 00:00:00
prion
prion
Design/Logic Flaw
2023-09-28 03:15:00
nvd
nvd
CVE-2023-42222
2023-09-28 03:15:11
cvelist
cvelist
CVE-2023-42222
2023-09-28 00:00:00
githubexploit
githubexploit
Exploit for CVE-2023-42222
2023-09-27 17:36:30
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
29.4%
Related for CVE-2023-42222