CVE-2023-2859
HIGH7.1EPSS 8.7%Code injection in nilsteampassnet/teampass
發布日:2023/5/24修改日:2024/2/16
描述
nilsteampassnet/teampass prior to 3.0.9 is vulnerable to code injection. A malicious user could potentially rename a folder with a payload containing malicious code. This could result in an attack on an admin who edits the folder, as the payload could execute upon the admin's interaction with the folder. This attack could potentially allow the attacker to gain unauthorized access to the admin's system or steal sensitive information, or it could force admin to get redirected to a website controlled by the attacker.
受影響套件(1)
- Packagist/nilsteampassnet/teampassfrom 0, < 3.0.9
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N |