Lucene search

[email protected]CVE-2023-50090

HistoryJan 03, 2024 - 8:15 p.m.

CVE-2023-50090

2024-01-0320:15:21

[email protected]

web.nvd.nist.gov

cve-2023-50090

arbitrary file write

vulnerability

savereportfile method

ureport2 2.2.9

nvd

security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.

Affected configurations

NVD

Node

ureport2_projectureport2Range≤2.2.9

CPENameOperatorVersion
ureport2_project:ureport2ureport2 project ureport2le2.2.9

CPE	Name	Operator	Version
ureport2_project:ureport2	ureport2 project ureport2	le	2.2.9

References

github.com/advisories/GHSA-445x-c8qq-qfr9

lemono.fun/thoughts/UReport2-RCE.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVE-2023-50090

nvd1 prion1 osv1 cvelist1