Lucene search

GoogleOSV:CVE-2023-28394

HistoryMay 23, 2023 - 2:15 a.m.

CVE-2023-28394

2023-05-2302:15:10

Google

osv.dev

beekeeper studio

remote execution

javascript

os command

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.5%

JSON

Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.

CPENameOperatorVersion
beekeeper-studioeq1.11.1
beekeeper-studioeq1.7.1
beekeeper-studioeq1.0.12
beekeeper-studioeq1.0.11
beekeeper-studioeq1.8.11
beekeeper-studioeq1.0.10
beekeeper-studioeq1.6.6.1
beekeeper-studioeq1.5.0
beekeeper-studioeq1.7.4
beekeeper-studioeq1.11.2

Name	Operator	Version
beekeeper-studio	eq	1.11.1
beekeeper-studio	eq	1.7.1
beekeeper-studio	eq	1.0.12
beekeeper-studio	eq	1.0.11
beekeeper-studio	eq	1.8.11
beekeeper-studio	eq	1.0.10
beekeeper-studio	eq	1.6.6.1
beekeeper-studio	eq	1.5.0
beekeeper-studio	eq	1.7.4
beekeeper-studio	eq	1.11.2

Rows per page:

1-10 of 1611

References

github.com/beekeeper-studio/beekeeper-studio

jvn.jp/en/jp/JVN11705010/

www.beekeeperstudio.io/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.5%

JSON

Related for OSV:CVE-2023-28394