CVE-2023-3697
Published 2023-08-17
CVE-2023-3697: Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and create…
Priority P3 · 50 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.55% (41.8th percentile)
Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asustor | adm | 4.0 – 4.0.6.RIS1 | — |
| asustor | adm | 4.1 – 4.1.0.RLQ1 | — |
| asustor | adm | 4.2 – 4.2.2.RI61 | — |
| asustor | data_master | 4.0.0.rib4 – 4.0.6.ris1 | — |
| asustor | data_master | >= 4.1.0.rhu2 < 4.2.3.rk91 | 4.2.3.rk91 |
| redhat | ansible | >= 0 < 2.0.0.2-2ubuntu1.3+esm2 | 2.0.0.2-2ubuntu1.3+esm2 |
| redhat | ansible | >= 0 < 2.5.1+dfsg-1ubuntu0.1+esm2 | 2.5.1+dfsg-1ubuntu0.1+esm2 |
| redhat | ansible | >= 0 < 2.9.6+dfsg-1ubuntu0.1~esm2 | 2.9.6+dfsg-1ubuntu0.1~esm2 |
| redhat | ansible | >= 0 < 2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm4 | 2.10.7+merged+base+2.10.8+dfsg-1ubuntu0.1~esm4 |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv · 7.5 HIGH
OSV
ansible vulnerabilities
osv·2024-06-25·CVSS 7.5
CVE-2022-3697 ansible vulnerabilities
It was discovered that Ansible incorrectly handled certain inputs when using
tower_callback parameter. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3697)
It was discovered that Ansible incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to perform a Template Injection.
(CVE-2023-5764)
GHSA
GHSA-q59p-j22c-xqrw: Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and c
ghsa_unreviewed·2023-08-17
CVE-2023-3697 [HIGH] CWE-22 GHSA-q59p-j22c-xqrw
Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-08-17