Lucene search

GoogleOSV:CVE-2023-34878

HistoryJun 14, 2023 - 2:15 p.m.

CVE-2023-34878

2023-06-1414:15:10

Google

osv.dev

ujcms

vulnerability

sensitive information

web file html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip.

CPENameOperatorVersion
ujcmseq3.0.1
ujcmseq5.5.2
ujcmseq4.1.2
ujcmseq1.0.0
ujcmseq2.0.1
ujcmseq3.1.0
ujcmseq3.0.0
ujcmseq4.1.3
ujcmseq5.5.1
ujcmseq6.0.2

Name	Operator	Version
ujcms	eq	3.0.1
ujcms	eq	5.5.2
ujcms	eq	4.1.2
ujcms	eq	1.0.0
ujcms	eq	2.0.1
ujcms	eq	3.1.0
ujcms	eq	3.0.0
ujcms	eq	4.1.3
ujcms	eq	5.5.1
ujcms	eq	6.0.2

Rows per page:

1-10 of 131

References

github.com/ujcms/ujcms/issues/6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

Related for OSV:CVE-2023-34878