Lucene search

GoogleOSV:CVE-2023-4704

HistorySep 01, 2023 - 10:15 a.m.

CVE-2023-4704

2023-09-0110:15:08

Google

osv.dev

cve-2023-4704

system control

configuration setting

github

software

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.0%

JSON

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.

CPENameOperatorVersion
icms2eq2.6.1
icms2eq2.4.0
icms2eq2.14.1
icms2eq2.7.1
icms2eq2.7.0
icms2eq2.15.0
icms2eq2.7.2
icms2eq2.9.0
icms2eq2.6.0
icms2eq2.14.2

Name	Operator	Version
icms2	eq	2.6.1
icms2	eq	2.4.0
icms2	eq	2.14.1
icms2	eq	2.7.1
icms2	eq	2.7.0
icms2	eq	2.15.0
icms2	eq	2.7.2
icms2	eq	2.9.0
icms2	eq	2.6.0
icms2	eq	2.14.2

Rows per page:

1-10 of 291

References

github.com/instantsoft/icms2/commit/bc22d89691fdaf38055eba13dda8d959b16fa731

huntr.dev/bounties/4a54134d-df1f-43d4-9b14-45f023cd654a

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.0%

JSON

Related for OSV:CVE-2023-4704