Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-2533

Опубликовано: 20 июн. 2023
Источник: nvd
CVSS3: 8.4
CVSS3: 8.8
EPSS Средний

Описание

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
Версия до 20.1.8 (исключая)
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
Версия от 21.0.0 (включая) до 21.2.12 (исключая)
cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*
Версия от 22.0.0 (включая) до 22.1.1 (исключая)
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
Версия до 20.1.8 (исключая)
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
Версия от 21.0.0 (включая) до 21.2.12 (исключая)
cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
Версия от 22.0.0 (включая) до 22.1.1 (включая)

EPSS

Процентиль: 97%
0.36322
Средний

8.4 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352
CWE-352

Связанные уязвимости

github логотип

GHSA-fhf9-47gc-m9wc

CVSS3: 8.4
github
больше 2 лет назад

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.

EPSS

Процентиль: 97%
0.36322
Средний

8.4 High

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352
CWE-352