History: Jul 25, 2023 - 12:00 a.m.

CVE-2023-32637

2023-07-25 00:00:00
ubuntu.com
Tags: gbrowse, vulnerability, remote code execution, file upload, web request, unauthenticated access, server, fix, security advisory

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 51.0%

GBrowse accepts uploaded files of any format and places them in an area
accessible through unauthenticated web requests. Therefore, anyone who can
upload files through the product may execute arbitrary code on the server.

Notes

Priority reason: This has a high priority because it is a vulnerability that allows a remote attacker to execute code on a machine, and it looks to be easily exploitable given that it involves regular functionalities provided by the application.

ccdm94: this has likely been fixed in all 2.x versions.

OS      Version  Architecture  Package  Version  Filename
ubuntu  16.04    noarch        gbrowse  < any    UNKNOWN
