Lucene search

[email protected]CVE-2023-2681

HistoryOct 03, 2023 - 1:15 p.m.

CVE-2023-2681

2023-10-0313:15:09

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

jorani

information security

cve-2023-2681

nvd

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.3%

JSON

An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the “/leaves/validate” path and the “id” parameter, managing to extract arbritary information from the database.

Affected configurations

Vulners

NVD

Node

joranijoraniRange≤1.0.0

VendorProductVersionCPE
joranijorani*cpe:2.3:a:jorani:jorani:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jorani	jorani	*	cpe:2.3:a:jorani:jorani::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jorani",
    "vendor": "Jorani",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.3%

JSON

Related for CVE-2023-2681

cvelist1 nvd1 prion1 osv1