Vulnerability Details : CVE-2023-34237
SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the vulnerabilities requires access to the web interface. Remote exploitation is possible if users[exposed their setup to the internet or other untrusted networks without setting a username/password. By default SABnzbd is only accessible from `localhost`, with no authentication required for the web interface. This issue has been patched in commits `e3a722` and `422b4f` which have been included in the 4.0.2 release. Users are advised to upgrade. Users unable to upgrade should ensure that a username and password have been set if their instance is web accessible.
Vulnerability category: Execute code
Products affected by CVE-2023-34237
- cpe:2.3:a:sabnzbd:sabnzbd:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-34237
4.93%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-34237
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
GitHub, Inc. |
CWE ids for CVE-2023-34237
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: security-advisories@github.com (Secondary)
References for CVE-2023-34237
-
https://sabnzbd.org/wiki/configuration/4.0/general
SABnzbd - Wiki - GeneralVendor Advisory
-
https://github.com/sabnzbd/sabnzbd/commit/e3a722664819d1c7c8fab97144cc299b1c18b429
Move Notification Script Parameters to environment variable · sabnzbd/sabnzbd@e3a7226 · GitHubPatch
-
https://security.gentoo.org/glsa/202312-11
SABnzbd: Remote Code Execution (GLSA 202312-11) — Gentoo security
-
https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-hhgh-xgh3-985r
Remote code execution via specially crafted script settings · Advisory · sabnzbd/sabnzbd · GitHubVendor Advisory
-
https://github.com/sabnzbd/sabnzbd/commit/422b4fce7bfd56e95a315be0400cdfdc585df7cc
Notification Script did not get environment variables · sabnzbd/sabnzbd@422b4fc · GitHubPatch
Jump to