CVE-2023-43661
CVSS 3.1 Score 8.8 of 10 (high)
Attack Complexity low
Confidentiality high
Integrity high
Availability high
Privileges Required low
Scope unchanged
Details
Published Oct 11, 2023
Updated: Oct 18, 2023
CWE ID 94
CWE ID 74
Summary
CVE-2023-43661 affects the Cachet open-source status page system. Before version 2.4, a template functionality enabled users to execute arbitrary code on the server due to insufficient filtering and the use of an old Twig version. A patch, committed as 6fb043e109d2a262ce3974e863c54e9e5f5e0587, was implemented in version 2.4 to rectify this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share