Lucene search

[email protected]NVD:CVE-2023-31847

HistoryMay 17, 2023 - 1:15 a.m.

CVE-2023-31847

2023-05-1701:15:10

[email protected]

web.nvd.nist.gov

cve-2023-31847

data source

arbitrary files

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.8%

JSON

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.

Affected configurations

Nvd

Node

davinci_projectdavinciMatch0.3.0rc

VendorProductVersionCPE
davinci_projectdavinci0.3.0cpe:2.3:a:davinci_project:davinci:0.3.0:rc:*:*:*:*:*:*

Vendor	Product	Version	CPE
davinci_project	davinci	0.3.0	cpe:2.3:a:davinci_project:davinci:0.3.0:rc::::::

References

github.com/edp963/davinci/issues/2326

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

29.8%

JSON

Related for NVD:CVE-2023-31847

cve1 cvelist1 prion1 osv1