cvelistv5 - cve-2023-4304

CVE-2023-4304 (GCVE-0-2023-4304)

Vulnerability from cvelistv5

Published

2023-08-11 00:00

Modified

2024-10-04 13:06

Severity ?

3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-840 - Business Logic Errors

Summary

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.

References

URL

Tags

security@huntr.dev	https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597	Patch
security@huntr.dev	https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9	Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597	Patch
af854a3a-2127-422b-91ae-364da2661108	https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9	Exploit, Issue Tracking, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	froxlor	froxlor/froxlor	Version: unspecified < 2.0.22,2.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:24:04.620Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-4304",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-04T13:04:29.535523Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-04T13:06:39.118Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "froxlor/froxlor",
          "vendor": "froxlor",
          "versions": [
            {
              "lessThan": "2.0.22,2.1.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Ahmed Hassan (ahmedvienna)"
        },
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Josef Hassan (josefjku)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBusiness Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\u003c/p\u003e"
            }
          ],
          "value": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-840",
              "description": "CWE-840 Business Logic Errors",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-18T10:13:29.779Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
        },
        {
          "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
        }
      ],
      "source": {
        "advisory": "59fe5037-b253-4b0f-be69-1d2e4af8b4a9",
        "discovery": "EXTERNAL"
      },
      "title": "Business Logic Errors in froxlor/froxlor",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-4304",
    "datePublished": "2023-08-11T00:00:20.247Z",
    "dateReserved": "2023-08-11T00:00:07.158Z",
    "dateUpdated": "2024-10-04T13:06:39.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-4304\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2023-08-11T01:15:09.437\",\"lastModified\":\"2024-11-21T08:34:49.463\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\\n\\n\"},{\"lang\":\"es\",\"value\":\"Errores de l\u00f3gica de negocio en el repositorio GitHub froxlor/froxlor anterior a 2.0.22,2.1.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":3.8,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":2.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-840\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.0.22\",\"matchCriteriaId\":\"3A1F0C8D-0EC2-4AEF-8800-3FCE3B9D9240\"}]}]}],\"references\":[{\"url\":\"https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T07:24:04.620Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-4304\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-04T13:04:29.535523Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-04T13:06:33.459Z\"}}], \"cna\": {\"title\": \"Business Logic Errors in froxlor/froxlor\", \"source\": {\"advisory\": \"59fe5037-b253-4b0f-be69-1d2e4af8b4a9\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Ahmed Hassan (ahmedvienna)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Josef Hassan (josefjku)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"froxlor\", \"product\": \"froxlor/froxlor\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"2.0.22,2.1.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9\"}, {\"url\": \"https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eBusiness Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-840\", \"description\": \"CWE-840 Business Logic Errors\"}]}], \"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntr_ai\", \"dateUpdated\": \"2023-12-18T10:13:29.779Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-4304\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-04T13:06:39.118Z\", \"dateReserved\": \"2023-08-11T00:00:07.158Z\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"datePublished\": \"2023-08-11T00:00:20.247Z\", \"assignerShortName\": \"@huntrdev\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0633

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

SICAM TOOLBOX II versions antérieures à 07.10
Périphériques RUGGEDCOM ROS versions antérieures à 4.3.8
Solid Edge SE2023 versions antérieures à 223.0 Update 7
RUGGEDCOM CROSSBOW versions antérieures à 5.4
Parasolid versions 34.1.x antérieures à 34.1.258
Parasolid versions 35.0.x antérieures à 35.0.254
Parasolid versions 35.1.x antérieures à 35.1.197
Teamcenter Visualization versions 14.1.x, se référer à l'avis éditeur pour plus d'information sur les mesures de contournement
Teamcenter Visualization versions 14.2.x antérieures à 14.2.0.6
Teamcenter Visualization versions 14.3.x, se référer à l'avis éditeur pour plus d'information sur les mesures de contournement
SIMATIC contrôleur de disque CPU 1504D versions antérieures à 3.0.3
SIMATIC contrôleur de disque CPU 1507D versions antérieures à 3.0.3
SIMATIC ET toutes versions
SIMATIC IPC toutes versions
SIMATIC S7 versions antérieures à 3.0.3
SIPLUS ET versions antérieures à 3.3.19
SIPLUS S7 versions antérieures à 3.0.3
Siemens Software Center versions antérieures à 3.0
APOGEE PXC Compact versions antérieures à 3.5.5
APOGEE PXC Compact (P2 Ethernet) versions antérieures à 2.8.20
APOGEE PXC Modular (BACnet) versions antérieures à 3.5.5
APOGEE PXC Modular (P2 Ethernet) versions antérieures à 2.8.20
TALON TC Compact versions antérieures à 3.5.5
TALON TC Modular (BACnet) versions antérieures à 3.5.5
JT2Go versions antérieures à 14.2.0.5
Solid Edge SE2022 versions antérieures à 222.0 Update 13
Solid Edge SE2023 versions antérieures à 223.0 Update 4
Teamcenter Visualization versions 13.2.x antérieures à 13.2.0.15
Teamcenter Visualization versions 13.3.x antérieures à 13.3.0.11
Teamcenter Visualization versions 14.1.x antérieures à 14.1.0.11
Teamcenter Visualization versions 14.2.x antérieures à 14.2.0.5
Parasolid versions 35.0.x sans la procédure de réinstallation
Parasolid versions 35.1.x sans la procédure de réinstallation
JT Open versions antérieures à 11.4
JT Utilities versions antérieures à 13.4
Parasolid versions 34.0.x antérieures à 34.0.253
Parasolid versions 34.1.x antérieures à 34.1.243
Parasolid versions 35.0.x antérieures à 35.0.177
Parasolid versions 35.1.x antérieures à 35.1.073

L'éditeur ne propose pas de correctif pour certains produits RUGGEDCOM ROS, SIMATIC ou SIPLUS, se référer aux avis pour obtenir plus d'informations sur les mesures de contournement.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-472630 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-264815 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-770902 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-975961 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-908185 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-131450 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-407785 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-180579 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-811403 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-264814 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-116172 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-188491 du 8 août 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-001569 du 8 août 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eSICAM TOOLBOX II versions ant\u00e9rieures \u00e0 07.10\u003c/li\u003e \u003cli\u003eP\u00e9riph\u00e9riques RUGGEDCOM ROS versions ant\u00e9rieures \u00e0 4.3.8\u003c/li\u003e \u003cli\u003eSolid Edge SE2023 versions ant\u00e9rieures \u00e0 223.0 Update 7\u003c/li\u003e \u003cli\u003eRUGGEDCOM CROSSBOW versions ant\u00e9rieures \u00e0 5.4\u003c/li\u003e \u003cli\u003eParasolid versions 34.1.x ant\u00e9rieures \u00e0 34.1.258\u003c/li\u003e \u003cli\u003eParasolid versions 35.0.x ant\u00e9rieures \u00e0 35.0.254\u003c/li\u003e \u003cli\u003eParasolid versions 35.1.x ant\u00e9rieures \u00e0 35.1.197\u003c/li\u003e \u003cli\u003eTeamcenter Visualization versions 14.1.x, se r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur pour plus d\u0027information sur les mesures de contournement\u003c/li\u003e \u003cli\u003eTeamcenter Visualization versions 14.2.x ant\u00e9rieures \u00e0 14.2.0.6\u003c/li\u003e \u003cli\u003eTeamcenter Visualization versions 14.3.x, se r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur pour plus d\u0027information sur les mesures de contournement\u003c/li\u003e \u003cli\u003eSIMATIC contr\u00f4leur de disque CPU 1504D versions ant\u00e9rieures \u00e0 3.0.3\u003c/li\u003e \u003cli\u003eSIMATIC contr\u00f4leur de disque CPU 1507D versions ant\u00e9rieures \u00e0 3.0.3\u003c/li\u003e \u003cli\u003eSIMATIC ET toutes versions\u003c/li\u003e \u003cli\u003eSIMATIC IPC toutes versions\u003c/li\u003e \u003cli\u003eSIMATIC S7 versions ant\u00e9rieures \u00e0 3.0.3\u003c/li\u003e \u003cli\u003eSIPLUS ET versions ant\u00e9rieures \u00e0 3.3.19\u003c/li\u003e \u003cli\u003eSIPLUS S7 versions ant\u00e9rieures \u00e0 3.0.3\u003c/li\u003e \u003cli\u003eSiemens Software Center versions ant\u00e9rieures \u00e0 3.0\u003c/li\u003e \u003cli\u003eAPOGEE PXC Compact versions ant\u00e9rieures \u00e0 3.5.5\u003c/li\u003e \u003cli\u003eAPOGEE PXC Compact (P2 Ethernet) versions ant\u00e9rieures \u00e0 2.8.20\u003c/li\u003e \u003cli\u003eAPOGEE PXC Modular (BACnet) versions ant\u00e9rieures \u00e0 3.5.5\u003c/li\u003e \u003cli\u003eAPOGEE PXC Modular (P2 Ethernet) versions ant\u00e9rieures \u00e0 2.8.20\u003c/li\u003e \u003cli\u003eTALON TC Compact versions ant\u00e9rieures \u00e0 3.5.5\u003c/li\u003e \u003cli\u003eTALON TC Modular (BACnet) versions ant\u00e9rieures \u00e0 3.5.5\u003c/li\u003e \u003cli\u003eJT2Go versions ant\u00e9rieures \u00e0 14.2.0.5\u003c/li\u003e \u003cli\u003eSolid Edge SE2022 versions ant\u00e9rieures \u00e0 222.0 Update 13\u003c/li\u003e \u003cli\u003eSolid Edge SE2023 versions ant\u00e9rieures \u00e0 223.0 Update 4\u003c/li\u003e \u003cli\u003eTeamcenter Visualization versions 13.2.x ant\u00e9rieures \u00e0 13.2.0.15\u003c/li\u003e \u003cli\u003eTeamcenter Visualization versions 13.3.x ant\u00e9rieures \u00e0 13.3.0.11\u003c/li\u003e \u003cli\u003eTeamcenter Visualization versions 14.1.x ant\u00e9rieures \u00e0 14.1.0.11\u003c/li\u003e \u003cli\u003eTeamcenter Visualization versions 14.2.x ant\u00e9rieures \u00e0 14.2.0.5\u003c/li\u003e \u003cli\u003eParasolid versions 35.0.x sans la proc\u00e9dure de r\u00e9installation\u003c/li\u003e \u003cli\u003eParasolid versions 35.1.x sans la proc\u00e9dure de r\u00e9installation\u003c/li\u003e \u003cli\u003eJT Open versions ant\u00e9rieures \u00e0 11.4\u003c/li\u003e \u003cli\u003eJT Utilities versions ant\u00e9rieures \u00e0 13.4\u003c/li\u003e \u003cli\u003eParasolid versions 34.0.x ant\u00e9rieures \u00e0 34.0.253\u003c/li\u003e \u003cli\u003eParasolid versions 34.1.x ant\u00e9rieures \u00e0 34.1.243\u003c/li\u003e \u003cli\u003eParasolid versions 35.0.x ant\u00e9rieures \u00e0 35.0.177\u003c/li\u003e \u003cli\u003eParasolid versions 35.1.x ant\u00e9rieures \u00e0 35.1.073\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne propose pas de correctif pour certains produits RUGGEDCOM ROS, SIMATIC ou SIPLUS, se r\u00e9f\u00e9rer aux avis pour obtenir plus d\u0027informations sur les mesures de contournement.\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-27009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27009"
    },
    {
      "name": "CVE-2022-37971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37971"
    },
    {
      "name": "CVE-2023-27411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27411"
    },
    {
      "name": "CVE-2020-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
    },
    {
      "name": "CVE-2023-24845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24845"
    },
    {
      "name": "CVE-2023-39419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39419"
    },
    {
      "name": "CVE-2023-39183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39183"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2020-27736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27736"
    },
    {
      "name": "CVE-2023-39269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39269"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-38526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38526"
    },
    {
      "name": "CVE-2023-38641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38641"
    },
    {
      "name": "CVE-2023-39187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39187"
    },
    {
      "name": "CVE-2023-39188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39188"
    },
    {
      "name": "CVE-2020-15795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15795"
    },
    {
      "name": "CVE-2023-39185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39185"
    },
    {
      "name": "CVE-2022-39062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39062"
    },
    {
      "name": "CVE-2023-28830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28830"
    },
    {
      "name": "CVE-2023-38531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38531"
    },
    {
      "name": "CVE-2023-38524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38524"
    },
    {
      "name": "CVE-2023-39186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39186"
    },
    {
      "name": "CVE-2023-37372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37372"
    },
    {
      "name": "CVE-2021-41544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41544"
    },
    {
      "name": "CVE-2022-25634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25634"
    },
    {
      "name": "CVE-2023-39182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39182"
    },
    {
      "name": "CVE-2021-31239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31239"
    },
    {
      "name": "CVE-2023-37373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37373"
    },
    {
      "name": "CVE-2023-39184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39184"
    },
    {
      "name": "CVE-2023-38525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38525"
    },
    {
      "name": "CVE-2020-27738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27738"
    },
    {
      "name": "CVE-2023-30795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30795"
    },
    {
      "name": "CVE-2023-38530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38530"
    },
    {
      "name": "CVE-2023-38527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38527"
    },
    {
      "name": "CVE-2022-45937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45937"
    },
    {
      "name": "CVE-2023-37378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37378"
    },
    {
      "name": "CVE-2023-38528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38528"
    },
    {
      "name": "CVE-2023-39181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39181"
    },
    {
      "name": "CVE-2023-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4304"
    },
    {
      "name": "CVE-2023-38682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38682"
    },
    {
      "name": "CVE-2023-38532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38532"
    },
    {
      "name": "CVE-2023-30796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30796"
    },
    {
      "name": "CVE-2023-38529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38529"
    },
    {
      "name": "CVE-2023-38683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38683"
    },
    {
      "name": "CVE-2020-27737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27737"
    },
    {
      "name": "CVE-2021-25677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25677"
    }
  ],
  "initial_release_date": "2023-08-08T00:00:00",
  "last_revision_date": "2023-08-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0633",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-08-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-472630 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-472630.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-264815 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-264815.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-770902 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-770902.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-975961 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-975961.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-908185 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-908185.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-131450 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-131450.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-407785 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-407785.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-180579 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180579.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-811403 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-811403.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-264814 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-264814.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-116172 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-116172.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-188491 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-188491.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-001569 du 8 ao\u00fbt 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-001569.html"
    }
  ]
}

gsd-2023-4304

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.

Aliases

CVE-2023-4304

Aliases

CVE-2023-4304

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-4304",
    "id": "GSD-2023-4304"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-4304"
      ],
      "details": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.",
      "id": "GSD-2023-4304",
      "modified": "2023-12-13T01:20:27.002249Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@huntr.com",
        "ID": "CVE-2023-4304",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "froxlor/froxlor",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "unspecified",
                          "version_value": "2.0.22,2.1.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "froxlor"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "Ahmed Hassan (ahmedvienna)"
        },
        {
          "lang": "en",
          "value": "Josef Hassan (josefjku)"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\n\n"
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-840",
                "lang": "eng",
                "value": "CWE-840 Business Logic Errors"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9",
            "refsource": "MISC",
            "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
          },
          {
            "name": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597",
            "refsource": "MISC",
            "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
          }
        ]
      },
      "source": {
        "advisory": "59fe5037-b253-4b0f-be69-1d2e4af8b4a9",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3A1F0C8D-0EC2-4AEF-8800-3FCE3B9D9240",
                    "versionEndExcluding": "2.0.22",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\n\n"
          }
        ],
        "id": "CVE-2023-4304",
        "lastModified": "2023-12-18T11:15:13.893",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 2.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.2,
              "impactScore": 1.4,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 1.2,
              "impactScore": 2.5,
              "source": "security@huntr.dev",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-08-11T01:15:09.437",
        "references": [
          {
            "source": "security@huntr.dev",
            "tags": [
              "Patch"
            ],
            "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
          },
          {
            "source": "security@huntr.dev",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
          }
        ],
        "sourceIdentifier": "security@huntr.dev",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-840"
              }
            ],
            "source": "security@huntr.dev",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

fkie_cve-2023-4304

Vulnerability from fkie_nvd

Published

2023-08-11 01:15

Modified

2024-11-21 08:34

Severity ?

3.8 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Summary

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.

References

URL	Tags
security@huntr.dev	https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597	Patch
security@huntr.dev	https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9	Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597	Patch
af854a3a-2127-422b-91ae-364da2661108	https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9	Exploit, Issue Tracking, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	froxlor	froxlor	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:froxlor:froxlor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1F0C8D-0EC2-4AEF-8800-3FCE3B9D9240",
              "versionEndExcluding": "2.0.22",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.\n\n"
    },
    {
      "lang": "es",
      "value": "Errores de l\u00f3gica de negocio en el repositorio GitHub froxlor/froxlor anterior a 2.0.22,2.1.0."
    }
  ],
  "id": "CVE-2023-4304",
  "lastModified": "2024-11-21T08:34:49.463",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5,
        "source": "security@huntr.dev",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 2.7,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-11T01:15:09.437",
  "references": [
    {
      "source": "security@huntr.dev",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-840"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-9rmf-6qgj-g3wj

Vulnerability from github

Published

2023-08-11 03:30

Modified

2023-08-11 19:46

Severity ?

3.8 (Low) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Summary

Froxlor vulnerable to business logic errors

Details

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "froxlor/froxlor"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-4304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-862"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-11T19:46:03Z",
    "nvd_published_at": "2023-08-11T01:15:09Z",
    "severity": "LOW"
  },
  "details": "Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22",
  "id": "GHSA-9rmf-6qgj-g3wj",
  "modified": "2023-08-11T19:46:03Z",
  "published": "2023-08-11T03:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4304"
    },
    {
      "type": "WEB",
      "url": "https://github.com/froxlor/froxlor/commit/ce9a5f97a3edb30c7d33878765d3c014a6583597"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Froxlor/Froxlor"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/59fe5037-b253-4b0f-be69-1d2e4af8b4a9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Froxlor vulnerable to business logic errors"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2023-4304 (GCVE-0-2023-4304)

Vulnerability from cvelistv5

CERTFR-2023-AVI-0633

Vulnerability from certfr_avis

Solution

gsd-2023-4304

Vulnerability from gsd

fkie_cve-2023-4304

Vulnerability from fkie_nvd

ghsa-9rmf-6qgj-g3wj

Vulnerability from github

Tags

Sightings

Nomenclature