vulnrichment
GitHub_M
VULNRICHMENT:CVE-2023-41887
Sep 15, 2023 - 8:06 p.m.

CVE-2023-41887 Remote Code exec in project import with mysql jdbc url attack

2023-09-15 20:06:55
CWE-89
GitHub_M
github.com
openrefine
remote code exec
vulnerability
version 3.7.5
patch
mysql jdbc url attack

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.8
Confidence: High

SSVC

Exploitation: poc
Automatable: yes
Technical Impact: total

OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.
