CVE-2023-35154
published 2023-06-23CVE-2023-35154: Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and…
PriorityP335medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
EPSS
0.38%
29.8th percentile
Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eng | knowage | >= 6.1.0 < 8.1.8 | 8.1.8 |
| knowagelabs | knowage-server | < 8.1.8 | 8.1.8 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-06-23
Published