Lucene search

GoogleOSV:CVE-2023-41564

HistorySep 08, 2023 - 11:15 p.m.

CVE-2023-41564

2023-09-0823:15:11

Google

osv.dev

arbitrary code execution

crafted file upload

upload asset function

cve-2023-41564

cockpit cms v2.6.3

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

JSON

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.

CPENameOperatorVersion
cockpiteq2.4.0
cockpiteq2.6.0
cockpiteq2.5.2
cockpiteq2.0.2
cockpiteq2.3.3
cockpiteq2.1.0
cockpiteq2.6.1
cockpiteq2.3.2
cockpiteq2.2.0
cockpiteq2.4.1

Name	Operator	Version
cockpit	eq	2.4.0
cockpit	eq	2.6.0
cockpit	eq	2.5.2
cockpit	eq	2.0.2
cockpit	eq	2.3.3
cockpit	eq	2.1.0
cockpit	eq	2.6.1
cockpit	eq	2.3.2
cockpit	eq	2.2.0
cockpit	eq	2.4.1

Rows per page:

1-10 of 281

References

github.com/LongHair00/Mitre_opensource_report/blob/main/CockpitCMS-StoredXSS.md

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.0%

JSON

Related for OSV:CVE-2023-41564