CVE-2023-45152

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-45152
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45152.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-45152
Related
  • GHSA-jj9g-75wf-6ppf
Published
2023-10-17T00:15:11Z
Modified
2025-01-15T04:59:12.593706Z
Severity
  • 2.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.

References

Affected packages

Git / github.com/engelsystem/engelsystem

Affected ranges

Type
GIT
Repo
https://github.com/engelsystem/engelsystem
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v2.*

v2.0.0

v3.*

v3.0.0
v3.1.0
v3.2.0
v3.3.0
v3.4.0