Lucene search

[email protected]NVD:CVE-2023-1789

HistoryApr 01, 2023 - 2:15 a.m.

CVE-2023-1789

2023-04-0102:15:07

CWE-20

[email protected]

web.nvd.nist.gov

github repository

firefly-iii

input validation

prior to 6.0.0

cve-2023-1789

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.2%

JSON

Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.

Affected configurations

NVD

Node

firefly-iiifirefly_iiiRange<5.7.18

firefly-iiifirefly_iiiMatch5.8.0alpha1

firefly-iiifirefly_iiiMatch6.0.0alpha1

firefly-iiifirefly_iiiMatch6.0.0alpha2

firefly-iiifirefly_iiiMatch6.0.0beta1

References

github.com/firefly-iii/firefly-iii/commit/6b05c0fbd3e8c40ae9b24dc2698821786fccf0c5

huntr.dev/bounties/2c3489f7-6b84-48f8-9368-9cea67cf373d

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.2%

JSON

Related for NVD:CVE-2023-1789

cve1 osv2 huntr1 cvelist1 github1 veracode1 prion1