Vulnerability Description
Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Engelsystem | Engelsystem | < 2023-09-18 |
Related Weaknesses (CWE)
References
- https://github.com/engelsystem/engelsystem/commit/ee7d30b33935ea001705f438fec8ffPatch
- https://github.com/engelsystem/engelsystem/security/advisories/GHSA-jj9g-75wf-6pExploitThird Party Advisory
- https://github.com/engelsystem/engelsystem/commit/ee7d30b33935ea001705f438fec8ffPatch
- https://github.com/engelsystem/engelsystem/security/advisories/GHSA-jj9g-75wf-6pExploitThird Party Advisory
FAQ
What is CVE-2023-45152?
CVE-2023-45152 is a vulnerability with a CVSS score of 2.0 (LOW). Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability ...
How severe is CVE-2023-45152?
CVE-2023-45152 has been rated LOW with a CVSS base score of 2.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-45152?
Check the references section above for vendor advisories and patch information. Affected products include: Engelsystem Engelsystem.