CVE-2023-42361

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gccybermonks.com/posts/pdfjira/	Third Party Advisory
https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=datacenter	Product
https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=server	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:midori-global:better_pdf_exporter::::::jira_data_center::*
	cpe:2.3:a:midori-global:better_pdf_exporter::::::jira_server::*

History

No history.

Information

Published : 2023-11-07 22:15

Updated : 2023-11-15 15:36

NVD link : CVE-2023-42361

Mitre link : CVE-2023-42361

CVE.ORG link : CVE-2023-42361

JSON object : View

Products Affected

midori-global

better_pdf_exporter

CWE

CWE-918

Server-Side Request Forgery (SSRF)

{"id": "CVE-2023-42361", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2023-11-07T22:15:11.167", "references": [{"url": "https://gccybermonks.com/posts/pdfjira/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=datacenter", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=server", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export."}, {"lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n de archivos locales en Midori-global Better PDF Exporter para Jira Server y Jira Data Center v.10.3.0 y anteriores permite a un atacante ver archivos arbitrarios y causar otros impactos mediante el uso de im\u00e1genes manipuladas durante la exportaci\u00f3n de PDF."}], "lastModified": "2023-11-15T15:36:46.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:midori-global:better_pdf_exporter:*:*:*:*:*:jira_data_center:*:*", "vulnerable": true, "matchCriteriaId": "01BC6400-9F22-4083-B002-5070AD3CF3CA", "versionEndExcluding": "11.0.0"}, {"criteria": "cpe:2.3:a:midori-global:better_pdf_exporter:*:*:*:*:*:jira_server:*:*", "vulnerable": true, "matchCriteriaId": "D53866FD-5A62-4F31-8A25-28BA67A658E3", "versionEndExcluding": "11.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}