WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176957/WebCatalog-48.4-Arbitrary-Protocol-Execution-Code-Execution.html | |
https://github.com/itssixtyn3in/CVE-2023-42222 | Exploit Third Party Advisory |
https://webcatalog.io/changelog/ | Release Notes |
https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content | Third Party Advisory |
http://packetstormsecurity.com/files/176957/WebCatalog-48.4-Arbitrary-Protocol-Execution-Code-Execution.html | |
https://github.com/itssixtyn3in/CVE-2023-42222 | Exploit Third Party Advisory |
https://webcatalog.io/changelog/ | Release Notes |
https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content | Third Party Advisory |
Configurations
History
21 Nov 2024, 08:22
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/176957/WebCatalog-48.4-Arbitrary-Protocol-Execution-Code-Execution.html - | |
References | () https://github.com/itssixtyn3in/CVE-2023-42222 - Exploit, Third Party Advisory | |
References | () https://webcatalog.io/changelog/ - Release Notes | |
References | () https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content - Third Party Advisory |
02 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-09-28 03:15
Updated : 2024-11-21 08:22
NVD link : CVE-2023-42222
Mitre link : CVE-2023-42222
CVE.ORG link : CVE-2023-42222
JSON object : View
Products Affected
webcatalog
- webcatalog
CWE