exploitDog

CVE-2023-23128

Опубликовано: 01 фев. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not valid.

Ссылки

https://github.com/l00neyhacker/CVE-2023-23128
Third Party Advisory
https://github.com/l00neyhacker/CVE-2023-23128
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:connectwise:connectwise:22.8.10013.8329:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00283

Низкий

6.1 Medium

CVSS3

Дефекты

NVD-CWE-Other

CWE-942

Связанные уязвимости

GHSA-2ww8-f9rj-2xg5

CVSS3: 6.1

github

около 3 лет назад

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS).

EPSS

Процентиль: 51%

0.00283

Низкий

6.1 Medium

CVSS3

Дефекты

NVD-CWE-Other

CWE-942