CVE-2023-26439
- EPSS 0.05%
- Published 02.08.2023 13:15:10
- Last modified 21.11.2024 07:51:27
The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, ...
CVE-2023-26440
- EPSS 0.05%
- Published 02.08.2023 13:15:10
- Last modified 21.11.2024 07:51:27
The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform a...
CVE-2023-26441
- EPSS 0.04%
- Published 02.08.2023 13:15:10
- Last modified 21.11.2024 07:51:27
Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local fil...
CVE-2023-26442
- EPSS 0.04%
- Published 02.08.2023 13:15:10
- Last modified 21.11.2024 07:51:27
In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to ...