CVE-2023-23607 - Vulnerability Details - OpenCVE

erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dasherr Project	Dasherr

Configuration 1 [-]

cpe:2.3:a:dasherr_project:dasherr:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112
https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq
https://www.vicarius.io/vsociety/posts/analyzing-arbitrary-file-upload-in-dasherr-cve-2023-23607-23608

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://www.vicarius.io/vsociety/posts/analyzing-arbitrary-file-upload-in-dasherr-cve-2023-23607-23608

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-01-20T20:03:45.071Z

Updated: 2024-08-19T07:47:54.182Z

Reserved: 2023-01-16T17:07:46.241Z

Link: CVE-2023-23607

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-01-20T21:15:11.167

Modified: 2024-11-21T07:46:31.390

Link: CVE-2023-23607

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-23607", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-01-16T17:07:46.241Z", "datePublished": "2023-01-20T20:03:45.071Z", "dateUpdated": "2024-08-19T07:47:54.182Z"}, "containers": {"cna": {"title": "Unrestricted file upload leads to Remote Code Execution in erohtar/Dasherr", "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "lang": "en", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq"}, {"name": "https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112", "tags": ["x_refsource_MISC"], "url": "https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112"}], "affected": [{"vendor": "erohtar", "product": "Dasherr", "versions": [{"version": "< 1.05.00", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-01-20T20:03:45.071Z"}, "descriptions": [{"lang": "en", "value": "erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.\n"}], "source": {"advisory": "GHSA-6rgc-2x44-7phq", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-19T07:47:54.182Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq"}, {"name": "https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112"}, {"url": "https://www.vicarius.io/vsociety/posts/analyzing-arbitrary-file-upload-in-dasherr-cve-2023-23607-23608"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dasherr_project:dasherr:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BD184F8-3C80-4A3B-A198-5CA082851B8F", "versionEndExcluding": "1.05.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.\n"}, {"lang": "es", "value": "erohtar/Dasherr es un panel para servicios autohospedados. En las versiones afectadas, la carga de archivos sin restricciones permite que cualquier usuario no autenticado ejecute c\u00f3digo arbitrario en el servidor. El archivo /www/include/filesave.php permite cargar cualquier archivo en cualquier lugar. Si un atacante carga un archivo php, puede ejecutar c\u00f3digo en el servidor. Este problema se solucion\u00f3 en la versi\u00f3n 1.05.00. Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema."}], "id": "CVE-2023-23607", "lastModified": "2024-11-21T07:46:31.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-20T21:15:11.167", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/erohtar/Dasherr/commit/445325c7cf1148a8cd38af3a90789c6cbf6c5112"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/erohtar/Dasherr/security/advisories/GHSA-6rgc-2x44-7phq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.vicarius.io/vsociety/posts/analyzing-arbitrary-file-upload-in-dasherr-cve-2023-23607-23608"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security-advisories@github.com", "type": "Secondary"}]}