WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176957/WebCatalog-48.4-Arbitrary-Protocol-Execution-Code-Execution.html | |
https://github.com/itssixtyn3in/CVE-2023-42222 | Exploit Third Party Advisory |
https://webcatalog.io/changelog/ | Release Notes |
https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content | Third Party Advisory |
Configurations
History
02 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Sep 2023, 17:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:webcatalog:webcatalog:*:*:*:*:*:*:*:* | |
First Time |
Webcatalog webcatalog
Webcatalog |
|
CWE | NVD-CWE-Other | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
References | (MISC) https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content - Third Party Advisory | |
References | (MISC) https://github.com/itssixtyn3in/CVE-2023-42222 - Exploit, Third Party Advisory | |
References | (MISC) https://webcatalog.io/changelog/ - Release Notes |
28 Sep 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-28 03:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-42222
Mitre link : CVE-2023-42222
CVE.ORG link : CVE-2023-42222
JSON object : View
Products Affected
webcatalog
- webcatalog
CWE