8.8

CVE-2023-54345

Exploit

Frappe Framework ERPNext 13.4.0 Remote Code Execution

Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the gi_frame attribute to traverse the call stack and invoke os.popen to execute system commands.
Data is provided by the National Vulnerability Database (NVD)
Frappe Erpnext, Version 13.4.0
No warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.61% | 0.444 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| disclosure@vulncheck.com | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| disclosure@vulncheck.com | 8.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
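
The description above attributes the escape to frame introspection through `gi_frame`. As an added example (not code from the advisory or from Frappe), the following review aid scans server script bodies for such references; it assumes the scripts have already been exported into a dict, and every attribute name other than `gi_frame` is an assumption about what a reviewer would also want flagged.

```python
import ast

# Frame/code introspection attributes of CPython generators, coroutines,
# frames and tracebacks. Only gi_frame is named in the advisory; the rest
# are an assumption about what a reviewer would want flagged alongside it.
INTROSPECTION_ATTRS = frozenset({
    "gi_frame", "gi_code", "cr_frame", "cr_code", "ag_frame", "ag_code",
    "f_back", "f_globals", "f_locals", "f_builtins", "f_code", "tb_frame",
})

def find_frame_introspection(source):
    """Return sorted (line, name, kind) tuples for suspicious references."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr in INTROSPECTION_ATTRS:
            findings.add((node.lineno, node.attr, "attribute"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            # A name passed as a string (e.g. to getattr) is not an Attribute node.
            for name in INTROSPECTION_ATTRS:
                if name in node.value:
                    findings.add((node.lineno, name, "string"))
    return sorted(findings)

def audit_scripts(scripts):
    """Map script name -> findings; unparsable scripts are reported, not skipped."""
    report = {}
    for name, source in scripts.items():
        try:
            hits = find_frame_introspection(source)
        except SyntaxError as exc:
            hits = [(exc.lineno or 0, "<syntax error>", "unparsable")]
        if hits:
            report[name] = hits
    return report

# Constructed sample scripts (not taken from the advisory or any real system).
SAMPLE_SCRIPTS = {
    "daily_totals": "total = sum(row.amount for row in rows)\n",
    "direct_access": "g = (x for x in [1])\nframe = g.gi_frame\n",
    "via_getattr": "g = (x for x in [1])\nparent = getattr(g, 'gi_frame').f_back\n",
    "broken": "def (:\n",
}

if __name__ == "__main__":
    for name, hits in audit_scripts(SAMPLE_SCRIPTS).items():
        print(name, hits)
```

A static scan like this helps triage existing scripts for review; it does not replace restricting who holds the System Manager role or updating the affected version.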

https://github.com/frappe/frappe/ (Product)
http://erpnext.org (Product)
https://frappeframework.com/docs/v13/user/en/desk/scripting/server-script (Product)
https://gist.github.com/lebr0nli/c2fc617390451f0e5a4c31c87d8720b6 (Exploit)
https://github.com/frappe/frappe/blob/v13.4.0/frappe/utils/safe_exec.py#L42 (Product)
https://ur4ndom.dev/posts/2023-07-02-uiuctf-rattler-read/ (Not Applicable)
https://www.exploit-db.com/exploits/51580 (Exploit, VDB Entry)
https://www.vulncheck.com/advisories/frappe-framework-erpnext-remote-code-execution (Third Party Advisory)