admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-27xx/CVE-2023-2749.json
cad-safe-bot b60a304b3d Auto-Update: 2023-06-09T11:28:13.172170+00:00
2023-06-09 11:28:17 +00:00

128 lines
3.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-2749",
"sourceIdentifier": "security@asustor.com",
"published": "2023-05-31T09:15:10.490",
"lastModified": "2023-06-07T14:07:01.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below. "
},
{
"lang": "es",
"value": "Download Center no valida correctamente la ruta de archivo enviada por un usuario. Un atacante puede aprovechar esta vulnerabilidad para obtener acceso no autorizado a archivos o directorios confidenciales sin las restricciones de permisos adecuadas. Download Center se ve afectado en ADM 4.0 y en versiones superiores. Los productos y versiones afectados incluyen: Download Center v1.1.5.r1280 e inferiores. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security@asustor.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "security@asustor.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:asustor:download_center:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.5",
"versionEndExcluding": "1.1.5.r1298",
"matchCriteriaId": "503AD2F7-FD3C-4BFE-976A-B10AEB7B02B1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:asustor:adm:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63289DB6-E94A-4542-A9EA-1E560CCC9D30"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:a:asustor:adm:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44D051A3-DC4D-404C-9D4B-31461265BA6C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.asustor.com/security/security_advisory_detail?id=24",
"source": "security@asustor.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink