CVE-2023-3432 - OpenCVE

Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Plantuml	Plantuml
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:plantuml:plantuml:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797	Patch
https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51	Exploit Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM/	Mailing List Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-06-27T14:30:23.442Z

Updated: 2023-06-27T14:30:23.442Z

Reserved: 2023-06-27T14:30:17.372Z

Link: CVE-2023-3432

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-27T15:15:11.980

Modified: 2024-02-01T01:23:00.190

Link: CVE-2023-3432

JSON object: View

Redhat Information

No data.

CWE

CWE-918

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:plantuml:plantuml:*:*:*:*:*:*:*:*", "matchCriteriaId": "389D4A80-A72D-42CC-885E-818A52175C8A", "versionEndExcluding": "1.2023.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9."}], "id": "CVE-2023-3432", "lastModified": "2024-02-01T01:23:00.190", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.7, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-27T15:15:11.980", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/plantuml/plantuml/commit/b32500bb61ae617bb312496d6d832e4be8190797"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/8ac3316f-431c-468d-87e4-3dafff2ecf51"}, {"source": "security@huntr.dev", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FV7XL3CY3K3K5ER3ASMEQA546MIQQ7QM/"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@huntr.dev", "type": "Primary"}]}