Skip to main content

Publify CVE-2023-0299

CRITICAL
Improper Input Validation (CWE-20)
2023-01-14 security@huntr.dev
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 14, 2023 - 15:15 nvd
CRITICAL 9.8

DescriptionNVD

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10.

AnalysisAI

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-20. Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. Affected products include: Publify Project Publify. Version information: prior to 9.2.10..

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-0578 MEDIUM POC
6.5 May 16

Code Injection in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 6.5), this vulnerability

CVE-2022-0574 MEDIUM POC
6.5 May 16

Improper Access Control in GitHub repository publify/publify prior to 9.2.8. Rated medium severity (CVSS 6.5), this vuln

CVE-2022-1811 MEDIUM POC
5.4 May 23

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. Rated medium severi

CVE-2022-1553 MEDIUM POC
4.9 May 16

Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to

CVE-2022-1810 MEDIUM POC
4.3 May 23

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. Rated medium sever

CVE-2023-0569 MEDIUM
6.5 Jan 29

Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. Rated medium severity (CVSS 6.5), this

CVE-2021-25973 MEDIUM
6.5 Nov 02

In Publify, 9.0.0.pre1 to 9.2.4 are vulnerable to Improper Access Control. Rated medium severity (CVSS 6.5), this vulner

CVE-2024-39311 LOW POC
1.8 Mar 28

Publify is a self hosted Web publishing platform on Rails. Rated low severity (CVSS 1.8), this vulnerability is remotely

CVE-2021-25975 MEDIUM
5.4 Nov 10

In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. Rated mediu

CVE-2021-25974 MEDIUM
5.4 Nov 10

In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability i

Share

CVE-2023-0299 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy