CVE-2023-38880

{"id": "CVE-2023-38880", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-11-20T19:15:08.600", "references": [{"url": "https://github.com/OS4ED/openSIS-Classic", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.os4ed.com/", "tags": ["Product"], "source": "[email protected]"}, {"url": "https://github.com/OS4ED/openSIS-Classic", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38880", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.os4ed.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is stored in the web root while the file name has a format of \"opensisBackup<date>.sql\" (e.g. \"opensisBackup07-20-2023.sql\"), i.e. can easily be guessed. This file can be accessed by any unauthenticated actor and contains a dump of the whole database including password hashes."}, {"lang": "es", "value": "La versi\u00f3n Community Edition 9.0 de openSIS Classic de OS4ED tiene una vulnerabilidad de control de acceso rota en la funcionalidad de copia de seguridad de la base de datos. Siempre que un administrador genera una copia de seguridad de la base de datos, la copia de seguridad se almacena en la ra\u00edz web mientras el nombre del archivo tiene el formato \"opensisBackup.sq|\" (p. ej., \"opensisBackup07-20-2023.sql\"), es decir, se puede adivinar f\u00e1cilmente. Cualquier actor no autenticado puede acceder a este archivo y contiene un volcado de toda la base de datos, incluidos los hashes de contrase\u00f1as."}], "lastModified": "2024-11-21T08:14:21.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:os4ed:opensis:9.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "31C122B7-1057-40D8-B883-8C41776AA826"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}