CVE-2023-2681 - Vulnerability Details - OpenCVE

Description

An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.

Published: 2023-10-03

Score: 8.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Jorani

Jorani

unaffected

Version	Status	Constraints
`1.0.0`	affected	—

Configuration 1 [-]

cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

Vendor Solution

This vulnerability has been solved in the 1.0.2 version, released on May 1th.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2023-34145	An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbritary information from the database.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00565.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection

History

Thu, 19 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Subscriptions

Jorani Jorani

MITRE

Status: PUBLISHED

Assigner: INCIBE

Published: 2023-10-03T12:19:55.164Z

Updated: 2024-09-19T19:53:17.252Z

Reserved: 2023-05-12T10:44:03.340Z

Link: CVE-2023-2681

Vulnrichment

Updated: 2024-08-02T06:33:04.208Z

NVD

Status : Modified

Published: 2023-10-03T13:15:09.937

Modified: 2024-11-21T07:59:04.433

Link: CVE-2023-2681

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-2681", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "state": "PUBLISHED", "assignerShortName": "INCIBE", "dateReserved": "2023-05-12T10:44:03.340Z", "datePublished": "2023-10-03T12:19:55.164Z", "dateUpdated": "2024-09-19T19:53:17.252Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Jorani", "vendor": "Jorani", "versions": [{"status": "affected", "version": "1.0.0"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Ut\u00f3n Amaya (m3n0sd0n4ld)"}], "datePublic": "2023-05-29T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the \"/leaves/validate\" path and the \u201cid\u201d parameter, managing to extract arbritary information from the database."}], "value": "An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the \"/leaves/validate\" path and the \u201cid\u201d parameter, managing to extract arbritary information from the database."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-10-03T12:19:55.164Z"}, "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "This vulnerability has been solved in the 1.0.2 version, released on May 1th.<br>"}], "value": "This vulnerability has been solved in the 1.0.2 version, released on May 1th.\n"}], "source": {"discovery": "UNKNOWN"}, "title": "SQL Injection on Jorani", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:04.208Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-19T19:52:57.510420Z", "id": "CVE-2023-2681", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T19:53:17.252Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:33:04.208Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-2681", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-19T19:52:57.510420Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-19T19:53:13.111Z"}}], "cna": {"title": "SQL Injection on Jorani", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "David Ut\u00f3n Amaya (m3n0sd0n4ld)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Jorani", "product": "Jorani", "versions": [{"status": "affected", "version": "1.0.0"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "This vulnerability has been solved in the 1.0.2 version, released on May 1th.\n", "supportingMedia": [{"type": "text/html", "value": "This vulnerability has been solved in the 1.0.2 version, released on May 1th.<br>", "base64": false}]}], "datePublic": "2023-05-29T10:00:00.000Z", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the \"/leaves/validate\" path and the \u201cid\u201d parameter, managing to extract arbritary information from the database.", "supportingMedia": [{"type": "text/html", "value": "An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the \"/leaves/validate\" path and the \u201cid\u201d parameter, managing to extract arbritary information from the database.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "shortName": "INCIBE", "dateUpdated": "2023-10-03T12:19:55.164Z"}}}, "cveMetadata": {"cveId": "CVE-2023-2681", "state": "PUBLISHED", "dateUpdated": "2024-09-19T19:53:17.252Z", "dateReserved": "2023-05-12T10:44:03.340Z", "assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516", "datePublished": "2023-10-03T12:19:55.164Z", "assignerShortName": "INCIBE"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jorani:jorani:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CE8B2D2D-7CCC-4688-9C1C-5C2512F140E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the \"/leaves/validate\" path and the \u201cid\u201d parameter, managing to extract arbritary information from the database."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de inyecci\u00f3n SQL en la versi\u00f3n 1.0.0 de Jorani. Esta vulnerabilidad permite que un usuario remoto autenticado, con bajos privilegios, env\u00ede consultas con c\u00f3digo SQL malicioso en la ruta \"/leaves/validate\" y el par\u00e1metro \u201cid\u201d, logrando extraer informaci\u00f3n arbitraria de la base de datos."}], "id": "CVE-2023-2681", "lastModified": "2024-11-21T07:59:04.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-10-03T13:15:09.937", "references": [{"source": "cve-coordination@incibe.es", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/jorani-sql-injection"}], "sourceIdentifier": "cve-coordination@incibe.es", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cve-coordination@incibe.es", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}