Lucene search

Ubuntu.comUB:CVE-2023-45195

HistoryJun 25, 2024 - 12:00 a.m.

CVE-2023-45195

2024-06-2500:00:00

ubuntu.com

adminerevo

ssrf

vulnerability

fixed

version 4.8.4

6.9 Medium

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Adminer and AdminerEvo are vulnerable to SSRF via database connection
fields. This could allow an unauthenticated remote attacker to enumerate or
access systems the attacker would not otherwise have access to. Adminer is
no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchadminer< anyUNKNOWN
ubuntu20.04noarchadminer< anyUNKNOWN
ubuntu22.04noarchadminer< anyUNKNOWN
ubuntu23.10noarchadminer< anyUNKNOWN
ubuntu24.04noarchadminer< anyUNKNOWN
ubuntu16.04noarchadminer< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	adminer	< any	UNKNOWN
ubuntu	20.04	noarch	adminer	< any	UNKNOWN
ubuntu	22.04	noarch	adminer	< any	UNKNOWN
ubuntu	23.10	noarch	adminer	< any	UNKNOWN
ubuntu	24.04	noarch	adminer	< any	UNKNOWN
ubuntu	16.04	noarch	adminer	< any	UNKNOWN

References

github.com/adminerevo/adminerevo/pull/102/commits/18f3167bbcbec3bc746f62db72e016aa99144efc

launchpad.net/bugs/cve/CVE-2023-45195

nvd.nist.gov/vuln/detail/CVE-2023-45195

security-tracker.debian.org/tracker/CVE-2023-45195

www.cve.org/CVERecord?id=CVE-2023-45195

6.9 Medium

CVSS4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:L/VI:N/SI:N/VA:N/SA:N/AU:Y

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for UB:CVE-2023-45195