CVE-2023-43661

CVSS 3.1 Score 8.8 of 10 (high)

Attack Complexity low
Confidentiality high
Integrity high
Availability high
Privileges Required low
Scope unchanged

Details

Published Oct 11, 2023
Updated: Oct 18, 2023
CWE ID 94
CWE ID 74

Summary

CVE-2023-43661 affects the Cachet open-source status page system. Before version 2.4, a template functionality enabled users to execute arbitrary code on the server due to insufficient filtering and the use of an old Twig version. A patch, committed as 6fb043e109d2a262ce3974e863c54e9e5f5e0587, was implemented in version 2.4 to rectify this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share