An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.
References
| Link | Resource |
|---|---|
| https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/ | Vendor Advisory |
| https://www.tenable.com/security/research/tra-2023-23 | Third Party Advisory |
| https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/ | Vendor Advisory |
| https://www.tenable.com/security/research/tra-2023-23 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:17
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.2 |
| References | () https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/ - Vendor Advisory | |
| References | () https://www.tenable.com/security/research/tra-2023-23 - Third Party Advisory |
31 Jul 2023, 18:01
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-434 | |
| CPE | cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:* cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:* |
|
| References | (MISC) https://www.tenable.com/security/research/tra-2023-23 - Third Party Advisory | |
| References | (MISC) https://www.papercut.com/kb/Main/SecurityBulletinJuly2023/ - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
26 Jul 2023, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
25 Jul 2023, 13:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-25 13:15
Updated : 2024-11-21 08:17
NVD link : CVE-2023-3486
Mitre link : CVE-2023-3486
CVE.ORG link : CVE-2023-3486
JSON object : View
Products Affected
papercut
- papercut_mf
- papercut_ng
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type