CVE-2023-29048

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-29048
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29048.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-29048
Published
2024-01-08T09:15:19Z
Modified
2024-09-03T04:29:37.201010Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known.

References

Affected packages

Git / github.com/open-xchange/appsuite-frontend

Affected ranges

Type
GIT
Repo
https://github.com/open-xchange/appsuite-frontend
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

7.*

7.0.0-10
7.0.0-11
7.0.0-12
7.0.0-8
7.0.0-9
7.0.1-1
7.0.1-2
7.0.1-3
7.0.1-4
7.0.1-5
7.0.1-6
7.10.0-0
7.10.0-10
7.10.0-2
7.10.0-3
7.10.0-4
7.10.0-5
7.10.0-6
7.10.0-7
7.10.0-8
7.10.0-9
7.10.1-1
7.10.1-2
7.10.1-3
7.10.1-4
7.10.2-1
7.10.2-2
7.10.2-3
7.10.3-0
7.10.3-1
7.10.3-2
7.10.3-3
7.10.4-0
7.10.4-1
7.10.4-2
7.10.4-3
7.10.4-4
7.10.4-5
7.10.4-6
7.10.5-0
7.10.5-1
7.10.5-2
7.10.5-3
7.10.5-4
7.10.5-5
7.2.0-1
7.2.0-2
7.2.0-3
7.2.0-4
7.2.0-5
7.2.0-6
7.2.1-1
7.2.1-2
7.2.1-3
7.2.1-4
7.2.1-5
7.2.1-6
7.2.2-1
7.2.2-11
7.2.2-12
7.2.2-13
7.2.2-14
7.2.2-15
7.2.2-16
7.2.2-17
7.2.2-18
7.2.2-19
7.2.2-2
7.2.2-20
7.2.2-3
7.2.2-4
7.2.2-5
7.2.2-6
7.2.2-7
7.2.2-8
7.2.2-9
7.4.0-1
7.4.0-10
7.4.0-11
7.4.0-12
7.4.0-13
7.4.0-14
7.4.0-15
7.4.0-16
7.4.0-17
7.4.0-18
7.4.0-19
7.4.0-2
7.4.0-3
7.4.0-4
7.4.0-5
7.4.0-6
7.4.0-7
7.4.0-8
7.4.0-9
7.4.1-1
7.4.1-10
7.4.1-11
7.4.1-2
7.4.1-3
7.4.1-4
7.4.1-5
7.4.1-6
7.4.1-7
7.4.1-8
7.4.1-9
7.4.2-1
7.4.2-10
7.4.2-11
7.4.2-12
7.4.2-13
7.4.2-14
7.4.2-15
7.4.2-16
7.4.2-17
7.4.2-18
7.4.2-19
7.4.2-2
7.4.2-20
7.4.2-21
7.4.2-22
7.4.2-23
7.4.2-24
7.4.2-25
7.4.2-26
7.4.2-27
7.4.2-28
7.4.2-29
7.4.2-3
7.4.2-4
7.4.2-5
7.4.2-6
7.4.2-7
7.4.2-8
7.4.2-9
7.6.0-1
7.6.0-10
7.6.0-11
7.6.0-12
7.6.0-13
7.6.0-14
7.6.0-15
7.6.0-16
7.6.0-17
7.6.0-2
7.6.0-3
7.6.0-4
7.6.0-5
7.6.0-6
7.6.0-7
7.6.0-8
7.6.0-9
7.6.1-1
7.6.1-10
7.6.1-11
7.6.1-12
7.6.1-13
7.6.1-14
7.6.1-15
7.6.1-16
7.6.1-17
7.6.1-18
7.6.1-19
7.6.1-2
7.6.1-20
7.6.1-21
7.6.1-22
7.6.1-23
7.6.1-24
7.6.1-25
7.6.1-26
7.6.1-3
7.6.1-4
7.6.1-5
7.6.1-6
7.6.1-7
7.6.1-8
7.6.1-9
7.6.2-1
7.6.2-10
7.6.2-11
7.6.2-12
7.6.2-13
7.6.2-14
7.6.2-15
7.6.2-16
7.6.2-17
7.6.2-18
7.6.2-19
7.6.2-2
7.6.2-20
7.6.2-21
7.6.2-22
7.6.2-23
7.6.2-24
7.6.2-25
7.6.2-26
7.6.2-27
7.6.2-28
7.6.2-29
7.6.2-3
7.6.2-4
7.6.2-5
7.6.2-6
7.6.2-7
7.6.2-8
7.6.2-9
7.8.0-1
7.8.0-2
7.8.0-3
7.8.0-4
7.8.0-5
7.8.0-6
7.8.0-7
7.8.0-8
7.8.0-9
7.8.1-1
7.8.1-2
7.8.1-3
7.8.1-4
7.8.1-5
7.8.1-6
7.8.1-7
7.8.2-1
7.8.2-2
7.8.2-3
7.8.2-4
7.8.3-1
7.8.3-2
7.8.3-3
7.8.3-4
7.8.3-5
7.8.4-1
7.8.4-2
7.8.4-3

Other

Test
as-next
sprint_20
sprintreview_2013_07_12