CVE-2023-49471

Exploit

EPSS 15.4%
Veröffentlicht 10.01.2024 09:15:44
Zuletzt bearbeitet 03.06.2025 15:15:44
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Barassistant ≫ Bar Assistant Version < 3.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	15.4%	0.944

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/zunak/CVE-2023-49471

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-49471

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49471

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49471

EUVD