Lucene search

MitreCVE-2023-39023

HistoryJul 28, 2023 - 3:15 p.m.

CVE-2023-39023

2023-07-2815:15:13

CWE-94

mitre

web.nvd.nist.gov

university

compass

v2.2.0

code injection

vulnerability

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

70.2%

JSON

university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument.

Affected configurations

Nvd

Node

university_compass_projectuniversity_compassRange≤2.2.0

VendorProductVersionCPE
university_compass_projectuniversity_compass*cpe:2.3:a:university_compass_project:university_compass:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
university_compass_project	university_compass	*	cpe:2.3:a:university_compass_project:university_compass::::::::

References

github.com/LetianYuan/My-CVE-Public-References/tree/main/org_compass-project_compass

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

70.2%

JSON

Related for CVE-2023-39023