CVE-2023-2681

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

A

n SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection	Third Party Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*

History

21 Nov 2024, 07:59

Type	Values Removed	Values Added
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection - Third Party Advisory~~	() https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection - Third Party Advisory

Information

Published : 2023-10-03 13:15

Updated : 2024-11-21 07:59

NVD link : CVE-2023-2681

Mitre link : CVE-2023-2681

CVE.ORG link : CVE-2023-2681

JSON object : View

Products Affected

jorani

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2023-2681", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-10-03T13:15:09.937", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the \"/leaves/validate\" path and the \u201cid\u201d parameter, managing to extract arbritary information from the database."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de inyecci\u00f3n SQL en la versi\u00f3n 1.0.0 de Jorani. Esta vulnerabilidad permite que un usuario remoto autenticado, con bajos privilegios, env\u00ede consultas con c\u00f3digo SQL malicioso en la ruta \"/leaves/validate\" y el par\u00e1metro \u201cid\u201d, logrando extraer informaci\u00f3n arbitraria de la base de datos."}], "lastModified": "2024-11-21T07:59:04.433", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE8B2D2D-7CCC-4688-9C1C-5C2512F140E6"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}