CVE-2023-43661

Опубликовано: 11 окт. 2023

Источник: nvd

CVSS3: 9.1

CVSS3: 8.8

EPSS Средний

Описание

Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.

Ссылки

https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587
Patch
https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p
Exploit
Mitigation
Vendor Advisory
https://github.com/cachethq/cachet/commit/6fb043e109d2a262ce3974e863c54e9e5f5e0587
Patch
https://github.com/cachethq/cachet/security/advisories/GHSA-hv79-p62r-wg3p
Exploit
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:all-three:cachet:*:*:*:*:*:*:*:*

Версия до 2.4 (исключая)

EPSS

Процентиль: 95%

0.18169

Средний

9.1 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-94

CWE-74

Связанные уязвимости

GHSA-hv79-p62r-wg3p

CVSS3: 9.1

github

больше 2 лет назад

Cachet vulnerable to Authenticated Remote Code Execution

EPSS

Процентиль: 95%

0.18169

Средний

9.1 Critical

CVSS3

8.8 High

CVSS3

Дефекты

CWE-94

CWE-74