Lucene search

GoogleOSV:CVE-2023-5916

HistoryNov 02, 2023 - 11:15 a.m.

CVE-2023-5916

2023-11-0211:15:14

Google

osv.dev

cve-2023-5916

configuration handler

improper access controls

remote attack

vdb-244305

software

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

46.9%

JSON

A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability.

References

github.com/Lissy93/dashy/issues/1336

treasure-blarney-085.notion.site/Dashy-0dca8a0ebbd84f78ae6d03528ff1538c?pvs=4

vuldb.com/?ctiid.244305

vuldb.com/?id.244305

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

AI Score

7.2

Confidence

Low

EPSS

0.001

Percentile

46.9%

JSON

Related for OSV:CVE-2023-5916