VDB
CVE-2023-2533
CVE-2023-2533
PUBLISHED
KEV
CVSS 8.399999618530273 HIGH
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.
EPSS 36.32% · 97.2th percentile
Risk Scores
CVSS v3.1
8.399999618530273
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
EPSS Score
36.32%
97.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| papercut | papercut_ng | 0, 21.0.0, 22.0.0 |
| PaperCut | PaperCut NG/MF | 22.0.10, 21.2.12, 20.1.8 |
| papercut | papercut_mf | 0, 21.0.0, 22.0.0 |
Timeline
- Jun 20, 2023 CVE Published
- Jun 21, 2023 EPSS Score
- Jul 26, 2023 EPSS Score
- Oct 5, 2023 EPSS Score
- Nov 9, 2023 EPSS Score
- Jan 18, 2024 EPSS Score
- Feb 23, 2024 EPSS Score
- May 3, 2024 EPSS Score
- Jun 7, 2024 EPSS Score
- Aug 17, 2024 EPSS Score
- Sep 21, 2024 EPSS Score
- Oct 26, 2024 EPSS Score
References
- https://fluidattacks.com/advisories/arcangel/ url
- https://www.papercut.com/kb/Main/SecurityBulletinJune2023 url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2533 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-2533 advisory
- https://fluidattacks.com/advisories/arcangel url
- https://www.papercut.com url