Lucene search

[email protected]CVE-2023-6020

HistoryNov 16, 2023 - 9:15 p.m.

CVE-2023-6020

2023-11-1621:15:09

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-6020

directory traversal

local file inclusion

information security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.064 Low

EPSS

Percentile

93.6%

JSON

LFI in Ray’s /static/ directory allows attackers to read any file on the server without authentication.

CPENameOperatorVersion
ray_project:rayray project rayeq-

CPE	Name	Operator	Version
ray_project:ray	ray project ray	eq	-

References

huntr.com/bounties/83dd8619-6dc3-4c98-8f1b-e620fedcd1f6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.064 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2023-6020

prion3 cvelist3 nuclei1 github2 osv2 thn1 cve2 openvas1