Vulnerability Description
CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fit2Cloud | Cloudexplorer Lite | < 1.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/ma (Product)
- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1 (Release Notes)
- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-38692?
CVE-2023-38692 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vu...
How severe is CVE-2023-38692?
CVE-2023-38692 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-38692?
Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud Cloudexplorer Lite.