CVE-2023-28458
Published: 2023-04-20
Priority: P4 · CVSS 3.1 base score: 4.3 (medium)
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploit: EPSS 3.43% (87.4th percentile)
pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pretalx | pretalx | <= 2.3.1 | — |
| pretalx | pretalx | >= 0 < 60722c43cf975f319e94102e6bff320723776890 | 60722c43cf975f319e94102e6bff320723776890 |
| pretalx | pretalx | >= 2.3.1 < 2.3.2 | 2.3.2 |
Detection & IOCs
- Monitor for unexpected file writes outside the expected HTML export directory, particularly writes of the standard pretalx 404 page content to arbitrary filesystem paths, which indicate path traversal exploitation.
- Exploitation via the Metasploit module requires pretalx to be running in debug mode; detect debug mode enablement in the pretalx configuration as a prerequisite indicator.
- Inspect HTTP requests to the HTML export feature for path traversal sequences (e.g., '../') in export-related parameters, targeting the organizer-accessible HTML export endpoint.
- The HTML export feature is non-default; instances that have not explicitly enabled it are not exposed to this vulnerability.
- Full RCE via the Metasploit exploit chain requires pretalx to be running in debug mode; without debug mode, exploitation is limited to arbitrary file overwrite with 404 page content.
- The vulnerability is exploitable only by authenticated organizer-level users, not by unauthenticated attackers.
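The two actionable items above are a containment check on export destinations (the CWE-22 mitigation that prevents writes outside the export directory) and a scan of web-server logs for traversal sequences on the export endpoint. The following Python is an added example that is not pretalx's own code; the export root, the `/export/` URL marker, the `path` query parameter and the log lines are all constructed assumptions for illustration.

```python
"""Defensive checks for the CWE-22 pattern behind CVE-2023-28458.

Added example, not pretalx's own code.  Part 1 resolves an export
destination and rejects anything that escapes the export root.  Part 2
scans (constructed) combined-format access-log lines for traversal
sequences aimed at an HTML export endpoint, peeling repeated URL
encoding first.  Paths, endpoint marker and parameter names are assumed.
"""
import re
from pathlib import Path
from typing import List, Optional, Tuple
from urllib.parse import parse_qsl, unquote, urlsplit


def resolve_export_path(export_root: str, relative_path: str) -> Optional[Path]:
    """Return the absolute destination for `relative_path` under `export_root`,
    or None when the resolved path would land outside the export directory.

    Resolving both sides before comparing defeats '..' segments, absolute
    paths (which pathlib lets override the root) and symlinks pointing out.
    """
    root = Path(export_root).resolve()
    candidate = (root / relative_path).resolve()
    if root in candidate.parents:
        return candidate
    return None


# A '..' segment delimited by slashes/backslashes or string boundaries.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def is_traversal(value: str) -> bool:
    """True if `value` contains a '..' path segment after percent-decoding
    (repeated, so double-encoded '..%252f' is caught as well)."""
    decoded = value
    for _ in range(3):  # peel at most three layers of URL encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return bool(TRAVERSAL.search(decoded))


# Request portion of a combined/common log line: "METHOD URL HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+"')


def find_traversal_requests(lines: List[str], endpoint_marker: str = "/export/") -> List[Tuple[int, str]]:
    """Return (line_no, url) for requests whose URL path contains
    `endpoint_marker` and whose path or any query value carries a
    traversal sequence."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = m.group("url")
        parts = urlsplit(url)
        if endpoint_marker not in parts.path:
            continue
        # parse_qsl decodes one encoding layer; is_traversal peels the rest.
        values = [parts.path] + [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        if any(is_traversal(v) for v in values):
            hits.append((n, url))
    return hits


# Constructed sample log lines (assumed endpoint and parameter names).
SAMPLE_LOG = [
    '10.0.0.5 - organizer [20/Apr/2023:10:00:00 +0000] "POST /orga/event/demo/settings/export/ HTTP/1.1" 302 0',
    '10.0.0.5 - organizer [20/Apr/2023:10:00:05 +0000] "GET /orga/event/demo/settings/export/?path=../../../../outside/overwritten.html HTTP/1.1" 200 512',
    '10.0.0.9 - - [20/Apr/2023:10:01:00 +0000] "GET /demo/schedule/ HTTP/1.1" 200 4096',
    '10.0.0.5 - organizer [20/Apr/2023:10:02:00 +0000] "GET /orga/event/demo/settings/export/?path=..%252f..%252foutside%252fx.html HTTP/1.1" 200 512',
]


if __name__ == "__main__":
    for rel in ("demo/index.html", "demo/../index.html", "../../etc/outside", "/etc/outside"):
        print(f"{rel!r} -> {resolve_export_path('/tmp/pretalx-export', rel)}")
    for n, url in find_traversal_requests(SAMPLE_LOG):
        print(f"line {n}: traversal sequence in {url}")
```

`resolve_export_path` is the shape of check an export writer should apply to every destination before opening it for writing; the log scanner is deliberately tolerant of double encoding because a single `unquote` would miss `..%252f`.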
Sources
- OSV (2023-04-20): CVE-2023-28458 [MEDIUM] pretalx allows path traversal in HTML export
- GHSA (2023-04-20): CVE-2023-28458 [MEDIUM] CWE-22 pretalx allows path traversal in HTML export
No detection rules found.
References
- https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890
- https://github.com/pretalx/pretalx/releases/tag/v2.3.2
- https://pretalx.com/p/news/security-release-232/
- https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/