CVE-2023-26441 MEDIUM

Vendor: Ox Software Gmbh
Product: OX App Suite
Weakness: CWE-200 · Info exposure
Published: August 2, 2023
Last update: August 2, 2024

CVSS base score

5.7/10
Attack vector: Physical
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

What the vulnerability does

01 Description

Cacheservice did not correctly check whether relative cache objects were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the service's system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known.
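The containment check the description refers to, sketched as an added example; it is not OX App Suite code, and the function names, directory layout and sample values are hypothetical. It contrasts joining a stored relative path to the cache root without validation against resolving it and requiring the result to stay under the root.

```python
import os
import tempfile
from pathlib import Path


class PathEscapesRoot(Exception):
    """Raised when a stored relative path resolves outside the cache root."""


def resolve_naive(root: str, relative: str) -> str:
    # Unvalidated pattern: the stored value is trusted and only joined to the
    # root, so ".." segments and absolute values are never checked.
    return os.path.normpath(os.path.join(root, relative))


def resolve_contained(root: str, relative: str) -> Path:
    # Canonicalise both sides (symlinks and ".." resolved), then require the
    # result to be the root itself or a descendant of it.
    root_real = Path(root).resolve(strict=True)
    candidate = (root_real / relative).resolve(strict=False)
    # is_relative_to compares whole path components, so a sibling such as
    # "<root>-other" fails here even though a string-prefix test would pass it.
    if not candidate.is_relative_to(root_real):
        raise PathEscapesRoot(f"{relative!r} resolves outside {root_real}")
    return candidate


def demo() -> dict:
    # Constructed layout: a cache root, a sibling directory sharing its name
    # prefix, and a symlink inside the root that points out of it.
    base = Path(tempfile.mkdtemp()).resolve()
    root = base / "cache"
    (root / "ab").mkdir(parents=True)
    (root / "ab" / "object1").write_text("cached")
    (base / "cache-other").mkdir()
    (base / "cache-other" / "secret").write_text("outside")
    os.symlink(base / "cache-other", root / "link")
    results = {}
    for rel in ("ab/object1", "../cache-other/secret", "/etc/hostname", "link/secret"):
        try:
            resolve_contained(str(root), rel)
            results[rel] = "allowed"
        except PathEscapesRoot:
            results[rel] = "rejected"
    naive = resolve_naive(str(root), "../cache-other/secret")
    results["naive_escapes"] = not naive.startswith(str(root) + os.sep)
    return results
```

Because the stored path comes from the database, the check has to run at read time on the resolved path; validating the value only when it is written does not cover rows modified directly.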

Key dates

02 Disclosure timeline

August 2, 2023 CVE published
August 2, 2024 Record updated
