Lucene search

Ubuntu.comUB:CVE-2023-40827

HistoryAug 28, 2023 - 12:00 a.m.

CVE-2023-40827

2023-08-2800:00:00

ubuntu.com

cve-2023-40827

issue

remote attack

sensitive information

arbitrary code

loadpluginpath

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

70.0%

JSON

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain
sensitive information and execute arbitrary code via the loadpluginPath
parameter.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchlibpf4j-java< anyUNKNOWN
ubuntu24.04noarchlibpf4j-java< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	libpf4j-java	< any	UNKNOWN
ubuntu	24.04	noarch	libpf4j-java	< any	UNKNOWN

References

github.com/pf4j/pf4j/issues/536

github.com/pf4j/pf4j/pull/537

github.com/pf4j/pf4j/pull/537/commits/ed9392069fe14c6c30d9f876710e5ad40f7ea8c1

launchpad.net/bugs/cve/CVE-2023-40827

nvd.nist.gov/vuln/detail/CVE-2023-40827

security-tracker.debian.org/tracker/CVE-2023-40827

www.cve.org/CVERecord?id=CVE-2023-40827

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

70.0%

JSON

Related for UB:CVE-2023-40827