Lucene search

[email protected]NVD:CVE-2023-1094

HistoryMay 08, 2023 - 8:15 p.m.

CVE-2023-1094

2023-05-0820:15:16

[email protected]

web.nvd.nist.gov

monicahq

csti

remote code execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the people:id/food endpoint and food parameter.

Affected configurations

Nvd

Node

monicahqmonicaMatch4.0.0

VendorProductVersionCPE
monicahqmonica4.0.0cpe:2.3:a:monicahq:monica:4.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
monicahq	monica	4.0.0	cpe:2.3:a:monicahq:monica:4.0.0:::::::*

References

fluidattacks.com/advisories/napoli

www.monicahq.com/

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

Related for NVD:CVE-2023-1094

prion1 cve1 osv1 cvelist1