Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.
References
Link | Resource |
---|---|
https://claroty.com/team82/disclosure-dashboard | Issue Tracking Third Party Advisory |
https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m | Vendor Advisory |
https://xibosignage.com/blog/security-advisory-2023-05/ | Vendor Advisory |
https://claroty.com/team82/disclosure-dashboard | Issue Tracking Third Party Advisory |
https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m | Vendor Advisory |
https://xibosignage.com/blog/security-advisory-2023-05/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
References | () https://claroty.com/team82/disclosure-dashboard - Issue Tracking, Third Party Advisory | |
References | () https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m - Vendor Advisory | |
References | () https://xibosignage.com/blog/security-advisory-2023-05/ - Vendor Advisory |
06 Jun 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:xibosignage:xibo:*:*:*:*:*:*:*:* | |
First Time |
Xibosignage
Xibosignage xibo |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | (MISC) https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m - Vendor Advisory | |
References | (MISC) https://xibosignage.com/blog/security-advisory-2023-05/ - Vendor Advisory | |
References | (MISC) https://claroty.com/team82/disclosure-dashboard - Issue Tracking, Third Party Advisory | |
CWE | CWE-209 |
30 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-30 21:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33181
Mitre link : CVE-2023-33181
CVE.ORG link : CVE-2023-33181
JSON object : View
Products Affected
xibosignage
- xibo
CWE
CWE-209
Generation of Error Message Containing Sensitive Information