CVE-2024-23055

{"id": "CVE-2024-23055", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2024-01-25T22:15:08.623", "references": [{"url": "http://plone.com", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://ploneorg.com", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers."}, {"lang": "es", "value": "Un problema en el software de c\u00f3digo abierto Plone Docker Official Image 5.2.13 (5221) permite la ejecuci\u00f3n remota de c\u00f3digo mediante una validaci\u00f3n incorrecta de la entrada por parte de los encabezados HOST."}], "lastModified": "2024-02-02T17:05:51.857", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:plone:plone_docker_official_image:5.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "277934F5-1C92-4B1C-85DE-93C7464108DA"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}