CVE-2023-47105
published 2024-09-18CVE-2023-47105: exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
PriorityP182high8.6CVSS 3.1
AVNACLPRNUINSUCLIHAL
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.67%
73.9th percentile
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | chaosblade-io_chaosblade | >= 0.0.3 < 1.7.4 | 1.7.4 |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated GET requests to /chaosblade endpoint with a 'cmd' parameter containing shell command substitution syntax (e.g., $(...) or backticks), indicating exploitation of CVE-2023-47105. ↗
- →A successful probe response will return HTTP 200 with body containing 'uid=', 'code', 'success":false', and 'error' — match all four strings together to confirm vulnerable/exploited instance. ↗
- →The vulnerability is only exploitable when Chaosblade is running in server mode; focus detection on hosts exposing the /chaosblade HTTP endpoint without authentication. ↗
- ·Affected version range is 0.3 through 1.7.3; the vulnerability is fixed in 1.7.4. Only instances running in server mode are exploitable. ↗
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
vulncheck8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Chaosblade vulnerable to OS command execution in github.com/chaosblade-io/chaosblade
osv·2024-09-25
CVE-2023-47105 Chaosblade vulnerable to OS command execution in github.com/chaosblade-io/chaosblade
Chaosblade vulnerable to OS command execution in github.com/chaosblade-io/chaosblade
Chaosblade vulnerable to OS command execution in github.com/chaosblade-io/chaosblade
GHSA
Chaosblade vulnerable to OS command execution
ghsa·2024-09-18
CVE-2023-47105 [CRITICAL] CWE-78 Chaosblade vulnerable to OS command execution
Chaosblade vulnerable to OS command execution
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
OSV
Chaosblade vulnerable to OS command execution
osv·2024-09-18
CVE-2023-47105 [CRITICAL] Chaosblade vulnerable to OS command execution
Chaosblade vulnerable to OS command execution
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
VulnCheck
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck·2023·CVSS 8.6
CVE-2023-47105 [HIGH] Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
Affected: Chaosblade Chaosblade
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2023-47105
No detection rules found.
Nuclei
Chaosblade < 1.7.4 - Remote Code Execution
nuclei·CVSS 8.6
CVE-2023-47105 [HIGH] Chaosblade < 1.7.4 - Remote Code Execution
Chaosblade < 1.7.4 - Remote Code Execution
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
Template:
id: CVE-2023-47105
info:
name: Chaosblade < 1.7.4 - Remote Code Execution
author: s4e-io
severity: high
description: |
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.
impact: |
This vulnerability allows unauthenticated attackers to remotely invoke the HTTP service and execute arbitrary commands on any Chaosblade instance with server mode enabled. This could lead to unauthorized access and control over the host system running Chaosblade.
remediation: Fixed in 1.7.4
reference:
- htt
2024-09-18
Published
Exploited in the wild