Lucene search

Veracode Vulnerability DatabaseVERACODE:42351

HistoryAug 06, 2023 - 5:14 p.m.

Remote Code Execution (RCE)

2023-08-0617:14:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

sabnzbd

rce

vulnerability

notification script

web interface

arbitrary code

server

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.022 Low

EPSS

Percentile

89.5%

JSON

SABnzbd is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a design flaw in the Notification Script functionality. An attacker can exploit this vulnerability by sending a specially crafted request to the SABnzbd web interface. This can be used to execute arbitrary code on the SABnzbd server.

CPENameOperatorVersion
sabnzbdplus:sideq3.1.1+dfsg-1
sabnzbdplus:sideq3.3.1+dfsg-1
sabnzbdplus:sideq3.1.1+dfsg-1
sabnzbdplus:sideq3.3.1+dfsg-1

Name	Operator	Version
sabnzbdplus:sid	eq	3.1.1+dfsg-1
sabnzbdplus:sid	eq	3.3.1+dfsg-1
sabnzbdplus:sid	eq	3.1.1+dfsg-1
sabnzbdplus:sid	eq	3.3.1+dfsg-1

References

github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc

github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429

github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r

sabnzbd.org/wiki/configuration/4.0/general

security-tracker.debian.org/tracker/CVE-2023-34237

security.gentoo.org/glsa/202312-11

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.022 Low

EPSS

Percentile

89.5%

JSON

Related for VERACODE:42351