CVE-2023-45849 - OpenCVE

An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Perforce	Helix Core

Configuration 1 [-]

cpe:2.3:a:perforce:helix_core:*:*:*:*:*:*:*:*

References

Link	Resource
https://perforce.com	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Perforce

Published: 2023-11-08T15:40:29.648Z

Updated: 2024-01-04T17:20:00.910Z

Reserved: 2023-10-24T21:47:07.857Z

Link: CVE-2023-45849

JSON object: View

NVD Information

Status : Modified

Published: 2023-11-08T16:15:10.193

Modified: 2023-12-08T00:15:07.350

Link: CVE-2023-45849

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-45849", "assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "state": "PUBLISHED", "assignerShortName": "Perforce", "dateReserved": "2023-10-24T21:47:07.857Z", "datePublished": "2023-11-08T15:40:29.648Z", "dateUpdated": "2024-01-04T17:20:00.910Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Helix Core", "vendor": "Helix", "versions": [{"lessThan": "2023.2", "status": "affected", "version": "0.0.0", "versionType": "semver"}, {"lessThan": "2023.1 Patch 2", "status": "affected", "version": "0.0.0", "versionType": "semver"}, {"lessThan": "2022.2 Patch 3", "status": "affected", "version": "0.0.0", "versionType": "semver"}, {"lessThan": "2022.1 Patch 6", "status": "affected", "version": "0.0.0", "versionType": "semver"}, {"lessThan": "2021.2 Patch 10", "status": "affected", "version": "0.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by </span><span style=\"background-color: rgb(255, 255, 255);\">Jason Geffner</span><span style=\"background-color: rgb(255, 255, 255);\">.</span><br>"}], "value": "An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "Perforce", "dateUpdated": "2024-01-04T17:20:00.910Z"}, "references": [{"url": "https://perforce.com"}], "source": {"discovery": "UNKNOWN"}, "title": "Arbitrary Code Execution in Helix Core", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}