Vulnerability Details : CVE-2023-40035
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.
Vulnerability category: Execute code
Products affected by CVE-2023-40035
- cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
- cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
- cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-40035
0.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-40035
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST | |
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
GitHub, Inc. |
CWE ids for CVE-2023-40035
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-40035
-
https://github.com/craftcms/cms/releases/tag/4.4.15
Release 4.4.15 · craftcms/cms · GitHubRelease Notes
-
https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw
Remote Code Execution via validatePath bypass · Advisory · craftcms/cms · GitHubExploit;Vendor Advisory
-
https://github.com/craftcms/cms/commit/0bd33861abdc60c93209cff03eeee54504d3d3b5
Fixed a potential RCE vulnerability · craftcms/cms@0bd3386 · GitHubPatch
-
https://github.com/craftcms/cms/releases/tag/3.8.15
Release 3.8.15 · craftcms/cms · GitHubRelease Notes
Jump to