CVE-2023-3566

A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233359. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wallabag:wallabag:2.5.4:*:*:*:*:*:*:*

History

21 Nov 2024, 08:17

Type Values Removed Values Added
References () https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md - Exploit () https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md - Exploit
References () https://vuldb.com/?ctiid.233359 - Permissions Required () https://vuldb.com/?ctiid.233359 - Permissions Required
References () https://vuldb.com/?id.233359 - Permissions Required () https://vuldb.com/?id.233359 - Permissions Required
References () https://youtu.be/ouwud0PlHkE - Exploit () https://youtu.be/ouwud0PlHkE - Exploit
CVSS v2 : 2.7
v3 : 6.5
v2 : 2.7
v3 : 3.5

19 Jul 2023, 16:30

Type Values Removed Values Added
References (MISC) https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md - (MISC) https://github.com/ctflearner/Vulnerability/blob/main/WALLABAG/NAME-LIMIT.md - Exploit
References (MISC) https://vuldb.com/?ctiid.233359 - (MISC) https://vuldb.com/?ctiid.233359 - Permissions Required
References (MISC) https://youtu.be/ouwud0PlHkE - (MISC) https://youtu.be/ouwud0PlHkE - Exploit
References (MISC) https://vuldb.com/?id.233359 - (MISC) https://vuldb.com/?id.233359 - Permissions Required
CPE cpe:2.3:a:wallabag:wallabag:2.5.4:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

10 Jul 2023, 16:27

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-10 16:15

Updated : 2024-11-21 08:17


NVD link : CVE-2023-3566

Mitre link : CVE-2023-3566

CVE.ORG link : CVE-2023-3566


JSON object : View

Products Affected

wallabag

  • wallabag
CWE
CWE-770

Allocation of Resources Without Limits or Throttling