CVE-2023-27066

Опубликовано: 22 мая 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.

Ссылки

https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner
Exploit
Vendor Advisory
https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes
Release Notes
https://blogs.night-wolf.io/0-day-vulnerabilities-at-sitecore-pagedesigner
Exploit
Vendor Advisory
https://dev.sitecore.net/Downloads/Sitecore%20Experience%20Platform/103/Sitecore%20Experience%20Platform%20103/Release%20Notes
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*

Версия до 10.2 (включая)

EPSS

Процентиль: 59%

0.00384

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-chfj-92p9-phpx