CVE-2023-1789

EPSS 0.06%
Veröffentlicht 01.04.2023 02:15:07
Zuletzt bearbeitet 21.11.2024 07:39:54
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Firefly-iii ≫ Firefly Iii Version < 5.7.18

Firefly-iii ≫ Firefly Iii Version5.8.0 Updatealpha1

Firefly-iii ≫ Firefly Iii Version6.0.0 Updatealpha1

Firefly-iii ≫ Firefly Iii Version6.0.0 Updatealpha2

Firefly-iii ≫ Firefly Iii Version6.0.0 Updatebeta1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.173

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@huntr.dev	5.2	1.1	3.7	CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5

Patch

https://huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2023-1789

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1789

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1789

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-1789