Lucene search

[email protected]NVD:CVE-2023-3432

HistoryJun 27, 2023 - 3:15 p.m.

CVE-2023-3432

2023-06-2715:15:11

CWE-918

[email protected]

web.nvd.nist.gov

server-side request forgery

github

vulnerability

plantuml

version 1.2023.9

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

51.8%

JSON

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

Affected configurations

Nvd

Node

plantumlplantumlRange<1.2023.9

Node

fedoraprojectfedoraMatch39

VendorProductVersionCPE
plantumlplantuml*cpe:2.3:a:plantuml:plantuml:*:*:*:*:*:*:*:*
fedoraprojectfedora39cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
plantuml	plantuml	*	cpe:2.3:a:plantuml:plantuml::::::::
fedoraproject	fedora	39	cpe:2.3:o:fedoraproject:fedora:39:::::::*

References

github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797

huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51

lists.fedoraproject.org/archives/list/[email protected]/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM/

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

AI Score

8.3

Confidence

High

EPSS

0.002

Percentile

51.8%

JSON

Related for NVD:CVE-2023-3432

ubuntucve1 prion1 alpinelinux1 cve1 osv2 huntr1 cvelist1 veracode1 github1 debiancve1 openvas1 fedora1 nessus1