CVE-2023-1719

Exploit

EPSS 4.97%
Veröffentlicht 01.11.2023 10:15:09
Zuletzt bearbeitet 21.11.2024 07:39:45
Quelle info@starlabs.sg
CVE-Watchlists
Login
Unerledigt
Login

Bitrix24 Insecure Global Variable Extraction

Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bitrix24 ≫ Bitrix24 Version22.0.300

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.97%	0.911

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
info@starlabs.sg	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-665 Improper Initialization

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

https://starlabs.sg/advisories/23/23-1719/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-1719

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1719

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1719

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-1719