exploitDog

CVE-2023-44397

Опубликовано: 30 окт. 2023

Источник: nvd

CVSS3: 7.5

CVSS3: 9.8

EPSS Низкий

Описание

CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with matching/API/, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue.

Ссылки

https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-fqxr-7g94-vrfj
Exploit
Third Party Advisory
https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-fqxr-7g94-vrfj
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fit2cloud:cloudexplorer_lite:*:*:*:*:*:*:*:*

Версия до 1.4.1 (исключая)

EPSS

Процентиль: 4%

0.0002

Низкий

7.5 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-287

EPSS

Процентиль: 4%

0.0002

Низкий

7.5 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-287