CVE-2023-2983
Published: 2023-05-30

CVE-2023-2983: Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.

Priority: P3 (43) · Severity: high · CVSS 3.1 base score: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.92% (55.7th percentile)
Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pimcore | pimcore | < 10.5.23 | 10.5.23 |
| pimcore | pimcore | >= 0 < 10.5.23 | 10.5.23 |
| pimcore | pimcore_pimcore | >= unspecified < 10.5.23 | 10.5.23 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| NVD | 3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
GHSA
Pimcore Privilege Defined With Unsafe Actions vulnerability
ghsa · 2023-06-06
CVE-2023-2983 [MEDIUM] CWE-267
### Impact
A new user can escalate privileges to the admin role with the least config.
### Patches
Update to version 10.5.23 or apply this patch manually:
https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a.patch
### Workarounds
Apply the patch manually: https://github.com/pimcore/pimcore/commit/c8f37b19c99cd82e4e558857d3e4d5476ea7228a.patch
### References
https://huntr.dev/bounties/6b2f33d3-2fd0-4d2d-ad7b-2c1e2417eeb1/
OSV
Pimcore Privilege Defined With Unsafe Actions vulnerability
osv · 2023-06-06
CVE-2023-2983 [MEDIUM]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-05-30