CVE-2023-38692 CRITICAL

CVE-2023-38692: Command injection vulnerability in module management function in CloudExplorer Lite

Vendor Cloudexplorer-Dev

Product CloudExplorer-Lite

Weakness CWE-78

Published August 4, 2023

Last update October 10, 2024

View on NVD All CVEs

CVSS base score

9.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading.

Key dates

02Disclosure timeline

August 4, 2023 CVE published

October 10, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-38692 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

CVE-2023-38692: Command injection vulnerability in module management function in CloudExplorer Lite

01Description

02Disclosure timeline

03References

04Related CVE