CVE-2023-26427

Опубликовано: 20 июн. 2023

Источник: nvd

CVSS3: 3.2

CVSS3: 3.3

EPSS Низкий

Описание

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.

Ссылки

http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2023/Jun/8
Mailing List
Third Party Advisory
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf
Release Notes
http://packetstormsecurity.com/files/173083/OX-App-Suite-SSRF-Resource-Consumption-Command-Injection.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2023/Jun/8
Mailing List
Third Party Advisory
https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2023/oxas-adv-2023-0002.json
https://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_6219_7.10.6_2023-03-20.pdf
Release Notes

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:*:*:*:*:*:*:*:*

Версия до 7.10.6 (исключая)

cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:7.10.6:*:*:*:*:*:*:*

cpe:2.3:a:open-xchange:open-xchange_appsuite_backend:7.10.6:revision_39:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00053

Низкий

3.2 Low

CVSS3

3.3 Low

CVSS3

Дефекты

CWE-922

CWE-732

Связанные уязвимости

GHSA-rfrx-wp2r-q456

CVSS3: 3.2

github

больше 2 лет назад

EPSS

Процентиль: 16%

0.00053

Низкий

3.2 Low

CVSS3

3.3 Low

CVSS3

Дефекты

CWE-922

CWE-732