gsd-2023-2473
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-2473", "id": "GSD-2023-2473" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-2473" ], "details": "A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860.", "id": "GSD-2023-2473", "modified": "2023-12-13T01:20:31.626132Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cna@vuldb.com", "ID": "CVE-2023-2473", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Dreamer CMS", "version": { "version_data": [ { "version_affected": "=", "version_value": "4.1.0" }, { "version_affected": "=", "version_value": "4.1.1" }, { "version_affected": "=", "version_value": "4.1.2" }, { "version_affected": "=", "version_value": "4.1.3" } ] } } ] }, "vendor_name": "n/a" } ] } }, "credits": [ { "lang": "en", "value": "VulDB Gitee Analyzer" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860." }, { "lang": "deu", "value": "In Dreamer CMS bis 4.1.3 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um die Funktion updatePwd der Datei UserController.java der Komponente Password Hash Calculation. Mittels Manipulieren mit unbekannten Daten kann eine inefficient algorithmic complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ] }, "impact": { "cvss": [ { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-407", "lang": "eng", "value": "CWE-407 Inefficient Algorithmic Complexity" } ] } ] }, "references": { "reference_data": [ { "name": "https://vuldb.com/?id.227860", "refsource": "MISC", "url": "https://vuldb.com/?id.227860" }, { "name": "https://vuldb.com/?ctiid.227860", "refsource": "MISC", "url": "https://vuldb.com/?ctiid.227860" }, { "name": "https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7", "refsource": "MISC", "url": "https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dreamer_cms_project:dreamer_cms:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA07F976-C035-4B45-83A9-1414D57F3AAF", "versionEndIncluding": "4.1.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860." } ], "id": "CVE-2023-2473", "lastModified": "2024-04-11T01:19:49.933", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary" } ] }, "published": "2023-05-02T13:15:25.090", "references": [ { "source": "cna@vuldb.com", "tags": [ "Issue Tracking" ], "url": "https://gitee.com/isoftforce/dreamer_cms/issues/I6WHO7" }, { "source": "cna@vuldb.com", "tags": [ "Permissions Required", "VDB Entry" ], "url": "https://vuldb.com/?ctiid.227860" }, { "source": "cna@vuldb.com", "tags": [ "VDB Entry" ], "url": "https://vuldb.com/?id.227860" } ], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-407" } ], "source": "cna@vuldb.com", "type": "Primary" } ] } } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…