CVE-2023-22799
PUBLISHED
CVSS 9.3 CRITICAL
Multiple vulnerabilities exist in genua genucenter and in third-party components it uses (curl, libxml, sudo and Ruby). By sending manipulated requests to the system, an attacker can disclose information, manipulate files, carry out cross-site scripting attacks, or cause other unspecified effects.
EPSS 1.40% · 80.8th percentile
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
1.40%
80.8th percentile
Exploit Intelligence
- [CVE-2023-22799] Possible ReDoS based DoS vulnerability in GlobalID (hackerone)
- https://discuss.rubyonrails.org/t/cve-2023-22799-possible-redos-based-dos-vulnerability-in-globalid/82127 (circl)
- .bundler-audit.yml (github-poc)
…and 114 more exploits
Timeline
- CVE Published
- Feb 10, 2023 EPSS Score
- Mar 22, 2023 EPSS Score
- Jun 9, 2023 EPSS Score
- Jul 27, 2023 PoC Published
- Aug 28, 2023 EPSS Score
- Nov 16, 2023 EPSS Score
- Dec 26, 2023 EPSS Score
- Mar 14, 2024 EPSS Score
- Jun 2, 2024 EPSS Score
- Aug 21, 2024 EPSS Score
- Nov 8, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2101.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2101 advisory
- https://kunde.genua.de/nc/suche/view/neuer-patch-genucenter-80p6-verfuegbar.html?tx_genusupport_content%5Bidentity%5D=0&tx_genusupport_content%5BsearchTerm%5D=&tx_genusupport_content%5BforcePath%5D=&tx_genusupport_content%5Baction%5D=genuSupportSearch&tx_genusupport_content%5Bcontroller%5D=Content advisory