VDB
CVE-2023-27530
PUBLISHED
CVSS 9.3 CRITICAL
There are multiple vulnerabilities in genua genucenter and in the third-party components it uses (curl, libxml, sudo and Ruby). By sending manipulated requests to the system, an attacker can disclose information, manipulate files, carry out cross-site scripting attacks or cause further unspecified effects.
EPSS 1.98% · 83.9th percentile
Risk Scores
CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS Score
1.98%
83.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedora | Fedora Linux | |
| Open Source | Open Source Ruby on Rails | <2.0.9.3 |
| Open Source | Open Source Ruby on Rails | <2.2.6.3 |
| Red Hat | Red Hat Enterprise Linux | |
| Open Source | Open Source Ruby on Rails | <3.0.4.2 |
| SUSE | SUSE openSUSE | |
| Open Source | Open Source Ruby on Rails | <2.1.4.3 |
| Debian | Debian Linux | |
| SUSE | SUSE Linux | |
| Ubuntu | Ubuntu Linux | |
Exploit Intelligence
- https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 (circl)
- [debian-lts-announce] 20230417 [SECURITY] [DLA 3392-1] ruby-rack security update (circl)
- DSA-5530 (circl)
- https://security.netapp.com/advisory/ntap-20231208-0015/ (circl)
- CIRCL seen: CVE-2023-27530 (circl-sighting)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
- .bundler-audit.yml (github-poc)
…and 22 more exploits
Timeline
- Mar 2, 2023 CVE Published
- Mar 11, 2023 EPSS Score
- Mar 11, 2023 PoC Published
- Apr 19, 2023 EPSS Score
- Jul 5, 2023 EPSS Score
- Aug 13, 2023 EPSS Score
- Oct 30, 2023 EPSS Score
- Dec 8, 2023 EPSS Score
- Jan 16, 2024 EPSS Score
- Apr 2, 2024 EPSS Score
- May 11, 2024 EPSS Score
- Jun 19, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0559.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0559 advisory
- https://discuss.rubyonrails.org/t/cve-2023-27530-possible-dos-vulnerability-in-multipart-mime-parsing/82388 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-March/014032.html advisory
- https://lists.debian.org/debian-lts-announce/2023/04/msg00017.html advisory
- https://lists.debian.org/debian-lts-announce/2023/04/msg00018.html advisory
- https://access.redhat.com/errata/RHSA-2023:1961 advisory
- https://access.redhat.com/errata/RHSA-2023:1981 advisory
- https://access.redhat.com/errata/RHSA-2023:3082 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014955.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014983.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/014984.html advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-May/015002.html advisory
- https://access.redhat.com/errata/RHSA-2023:3403 advisory
- https://lists.suse.com/pipermail/sle-security-updates/2023-July/015411.html advisory
- https://lists.debian.org/debian-security-announce/2023/msg00226.html advisory
- https://access.redhat.com/errata/RHSA-2023:6818 advisory
- https://ubuntu.com/security/notices/USN-6905-1 advisory
- https://ubuntu.com/security/notices/USN-7036-1 advisory
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/FLQ74D2IZAJC5KD6QXVUZAQ6O5LNAWZX/ advisory
…and 4 more