CVE-2023-43784

Опубликовано: 22 сент. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.

Ссылки

https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html
Not Applicable
https://talk.plesk.com/threads/why-in-plesk-firehouse-aws-keys-are-public.369925/
Vendor Advisory
https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html
Not Applicable
https://talk.plesk.com/threads/why-in-plesk-firehouse-aws-keys-are-public.369925/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:plesk:onyx:17.8.11:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00152

Низкий

7.5 High

CVSS3

Дефекты

CWE-668

Связанные уязвимости

GHSA-xxxv-ffhq-jc78