Lucene search

MitreCVE-2023-41261

HistoryOct 12, 2023 - 11:15 p.m.

CVE-2023-41261

2023-10-1223:15:11

CWE-287

mitre

web.nvd.nist.gov

cve-2023-41261

security

vulnerability

plixer scrutinizer

authentication bypass

csv export

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results.

Affected configurations

Nvd

Node

plixerscrutinizerRange<19.3.1

VendorProductVersionCPE
plixerscrutinizer*cpe:2.3:a:plixer:scrutinizer:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
plixer	scrutinizer	*	cpe:2.3:a:plixer:scrutinizer::::::::

References

github.com/atredispartners/advisories/blob/master/ATREDIS-2023-0001.md

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

24.8%

JSON

Related for CVE-2023-41261