CVE-2023-45152

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-45152

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45152.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-45152

Aliases

GHSA-jj9g-75wf-6ppf

Published

2023-10-16T23:34:28Z

Modified

2025-10-15T02:42:54.276959Z

Severity

2.0 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Summary

Blind Server Side Request Forgery (SSRF) in remote schedule import feature in Engelsystem

Details

Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.

References

Affected packages

Git /

Affected ranges

Database specific

{
    "unresolved_versions": [
        {
            "events": [
                {
                    "introduced": "0"
                },
                {
                    "fixed": "ee7d30b33"
                }
            ],
            "type": ""
        }
    ]
}