Lucene search

GoogleOSV:CVE-2023-6569

HistoryDec 14, 2023 - 1:15 p.m.

CVE-2023-6569

2023-12-1413:15:55

Google

osv.dev

file path manipulation

information security

software vulnerability

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

9.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

External Control of File Name or Path in h2oai/h2o-3

CPENameOperatorVersion
h2o-3eqjenkins-master-1167
h2o-3eqjenkins-master-4191
h2o-3eqjenkins-master-4791
h2o-3eqjenkins-master-5137
h2o-3eqjenkins-master-5491
h2o-3eqjenkins-master-3242
h2o-3eqjenkins-master-3110
h2o-3eqjenkins-master-3431
h2o-3eqjenkins-master-4323
h2o-3eqjenkins-master-4564

Name	Operator	Version
h2o-3	eq	jenkins-master-1167
h2o-3	eq	jenkins-master-4191
h2o-3	eq	jenkins-master-4791
h2o-3	eq	jenkins-master-5137
h2o-3	eq	jenkins-master-5491
h2o-3	eq	jenkins-master-3242
h2o-3	eq	jenkins-master-3110
h2o-3	eq	jenkins-master-3431
h2o-3	eq	jenkins-master-4323
h2o-3	eq	jenkins-master-4564

Rows per page:

1-10 of 32341

References

huntr.com/bounties/a5d003dc-c23e-4c98-8dcf-35ba9252fa3c

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

9.3 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for OSV:CVE-2023-6569