Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.PAPERCUT_NG_22_1_3.NASL
HistoryOct 17, 2023 - 12:00 a.m.

PaperCut NG < 20.1.9 / 21.x < 21.2.13 / 22.x < 22.1.3 Multiple Vulnerabilities

2023-10-1700:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

9.4 High

AI Score

Confidence

High

JSON

The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows:

- An authentication bypass exists that could allow a remote, unauthenticated attacker to upload arbitrary files to       the PaperCut host’s file storage. This could exhaust system resources and prevent the service from operating as       expected. (CVE-2023-3486)

- A path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code       execution when external device integration is enabled (a very common configuration). (CVE-2023-39143)

- A third party library issue in pgjdbc. pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in       the jdbc driver for postgresql database while doing security research. The system using the postgresql library       will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on       class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory,       sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected       interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users       using plugins are advised to upgrade. There are no known workarounds for this issue. (CVE-2022-21724)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(183242);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/16");

  script_cve_id("CVE-2022-21724", "CVE-2023-3486", "CVE-2023-39143");

  script_name(english:"PaperCut NG < 20.1.9 / 21.x < 21.2.13 / 22.x < 22.1.3 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"Adobe Bridge installed on remote Windows host is affected by a multiple vulnerabilities");
  script_set_attribute(attribute:"description", value:
"The version of PaperCut NG installed on the remote Windows host is affected by multiple vulnerabilities, as follows:

    - An authentication bypass exists that could allow a remote, unauthenticated attacker to upload arbitrary files to
      the PaperCut hostҀ™s file storage. This could exhaust system resources and prevent the service from operating as
      expected. (CVE-2023-3486)

    - A path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code
      execution when external device integration is enabled (a very common configuration). (CVE-2023-39143)

    - A third party library issue in pgjdbc. pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in
      the jdbc driver for postgresql database while doing security research. The system using the postgresql library
      will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on
      class names provided via authenticationPluginClassName, sslhostnameverifier, socketFactory, sslfactory,
      sslpasswordcallback connection properties. However, the driver did not verify if the class implements the expected 
      interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users
      using plugins are advised to upgrade. There are no known workarounds for this issue. (CVE-2022-21724)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.papercut.com/kb/Main/securitybulletinjuly2023/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to PaperCut NG version 20.1.9, 21.2.13, 22.1.3, or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-21724");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-39143");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/07/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:papercut:papercut_ng");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("papercut_ng_win_installed.nbin");
  script_require_keys("installed_sw/PaperCut NG", "SMB/Registry/Enumerated");

  exit(0);
}

include('vcf.inc');

get_kb_item_or_exit('SMB/Registry/Enumerated');

var app_info = vcf::get_app_info(app:'PaperCut NG', win_local:TRUE);

var constraints = [
  { 'fixed_version' : '20.1.9' },
  { 'min_version' : '21.0', 'fixed_version' : '21.2.13' },
  { 'min_version' : '22.0', 'fixed_version' : '22.1.3' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);
VendorProductVersionCPE
papercutpapercut_ngcpe:/a:papercut:papercut_ng

Related

nessus 8
thn 1
prion 3
githubexploit 1
nuclei 1
cve 3
osv 5
f5 1
openvas 4
veracode 1
ibm 10
github 1
redhatcve 1
alpinelinux 1
cgr 1
atlassian 1
wolfi 1
fedora 1
debiancve 1
ubuntucve 1
debian 2
redhat 4
nessus
nessus
PaperCut MF < 20.1.9 / 21.x < 21.2.13 / 22.x < 22.1.3 Multiple Vulnerabilities
2023-10-17 00:00:00
PaperCut MF Path Traversal/File Upload RCE (CVE-2023-39143)
2023-10-10 00:00:00
PaperCut NG Path Traversal/File Upload RCE (CVE-2023-39143)
2023-10-10 00:00:00
thn
thn
Researchers Uncover New High-Severity Vulnerability in PaperCut Software
2023-08-05 04:13:00
prion
prion
Path traversal
2023-08-04 17:15:00
Authentication flaw
2023-07-25 13:15:00
Design/Logic Flaw
2022-02-02 12:15:00
githubexploit
githubexploit
Exploit for Path Traversal in Papercut Papercut Mf
2023-08-17 02:57:48
nuclei
nuclei
PaperCut < 22.1.3 - Path Traversal
2023-08-06 17:21:19
cve
cve
CVE-2023-39143
2023-08-04 17:15:11
CVE-2022-21724
2022-02-02 12:15:00
CVE-2023-3486
2023-07-25 13:15:10
osv
osv
libpgjava - security update
2022-05-20 00:00:00
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
2022-02-02 00:04:20
CVE-2022-21724
2022-02-02 12:15:08
f5
f5
K69124112 : PostgreSQL JDBC vulnerability CVE-2022-21724
2022-04-29 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3018-1)
2022-05-21 00:00:00
Fedora: Security Advisory for postgresql-jdbc (FEDORA-2022-1151f65e9a)
2022-04-15 00:00:00
Huawei EulerOS: Security Advisory for postgresql-jdbc (EulerOS-SA-2022-1946)
2022-06-22 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-02-03 08:33:39
ibm
ibm
Security Bulletin: A vulnerability in PostgreSQL JDBC Driver (PgJDBC) affects IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data (CVE-2022-21724)
2023-01-12 21:59:00
Security Bulletin: A security vulnerability has been identified in Postgresql shipped with IBM Tivoli Netcool Impact (CVE-2022-26520, CVE-2022-21724, 220313)
2022-09-21 19:33:51
Security Bulletin: IBM Security Verify Governance is vulnerable to arbitrary code execution, sensitive information exposure and unauthorized access due to PostgreSQL
2023-02-15 11:24:40
github
github
pgjdbc Does Not Check Class Instantiation when providing Plugin Classes
2022-02-02 00:04:20
redhatcve
redhatcve
CVE-2022-21724
2022-02-04 20:10:26
alpinelinux
alpinelinux
CVE-2022-21724
2022-02-02 12:15:00
cgr
cgr
CVE-2022-21724 vulnerabilities
2024-05-08 21:08:34
atlassian
atlassian
Vulnerable version of PostgresSQL JDBC driver used - CVE-2022-21724
2022-04-20 20:14:01
wolfi
wolfi
CVE-2022-21724 vulnerabilities
2024-05-08 21:18:58
fedora
fedora
[SECURITY] Fedora 35 Update: postgresql-jdbc-42.2.25-1.fc35
2022-04-14 16:07:47
debiancve
debiancve
CVE-2022-21724
2022-02-02 12:15:00
ubuntucve
ubuntucve
CVE-2022-21724
2022-02-02 00:00:00
debian
debian
[SECURITY] [DLA 3018-1] libpgjava security update
2022-05-20 20:44:12
[SECURITY] [DSA 5196-1] libpgjava security update
2022-07-31 11:39:10
redhat
redhat
(RHSA-2022:4623) Moderate: Red Hat build of Quarkus 2.7.5 release and security update
2022-05-18 10:52:45
(RHSA-2022:6835) Important: Service Registry (container images) release and security update [2.3.0.GA]
2022-10-06 12:24:42
(RHSA-2022:6813) Important: Red Hat Process Automation Manager 7.13.1 security update
2022-10-05 10:42:47

9.4 High

AI Score

Confidence

High

JSON
Related for PAPERCUT_NG_22_1_3.NASL
nessus8thn1prion3githubexploit1nuclei1cve3osv5f51openvas4veracode1ibm10github1redhatcve1alpinelinux1cgr1atlassian1wolfi1fedora1debiancve1ubuntucve1debian2redhat4