Lucene search

GoogleOSV:CVE-2023-2681

HistoryOct 03, 2023 - 1:15 p.m.

CVE-2023-2681

2023-10-0313:15:09

Google

osv.dev

sql injection

jorani

remote user

low privileges

arbritary information

database

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.3%

JSON

An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the “/leaves/validate” path and the “id” parameter, managing to extract arbritary information from the database.

CPENameOperatorVersion
joranieq0.1.4
joranieq0.6.4
joranieq0.1_beta
joranieq0.6.3
joranieqPrototype1
joranieq0.4.0
joranieq0.3.0
joranieq0.1.1
joranieq0.1
joranieq0.1_alpha

Name	Operator	Version
jorani	eq	0.1.4
jorani	eq	0.6.4
jorani	eq	0.1_beta
jorani	eq	0.6.3
jorani	eq	Prototype1
jorani	eq	0.4.0
jorani	eq	0.3.0
jorani	eq	0.1.1
jorani	eq	0.1
jorani	eq	0.1_alpha

Rows per page:

1-10 of 261

References

www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.3%

JSON

Related for OSV:CVE-2023-2681