CVE-2023-33518

Published: Jun 5, 2023Modified: Jan 8, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a crafted web request.

Affected (1)

Products: Emoncms: Emoncms

Emoncms

1 product

Emoncms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Emoncms Emoncms	Version 11.0

Related CWEs

CWE-203

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

CWE-668

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

https://github.com/emoncms/emoncms/issues/1856

Source: cve@mitre.org

ExploitIssue Tracking

https://github.com/emoncms/emoncms/issues/1856

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

Timeline

No history available yet.