cbcvebase.
CVE-2023-47105
published 2024-09-18

CVE-2023-47105: exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.

PriorityP182high8.6CVSS 3.1
AVNACLPRNUINSUCLIHAL
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
1.67%
73.9th percentile
exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.

Affected

1 ranges
VendorProductVersion rangeFixed in
github.comchaosblade-io_chaosblade>= 0.0.3 < 1.7.41.7.4

Detection & IOCsextracted from sources · hover to see the quote

url/chaosblade?cmd=$(id)
path/chaosblade
  • Detect unauthenticated GET requests to /chaosblade endpoint with a 'cmd' parameter containing shell command substitution syntax (e.g., $(...) or backticks), indicating exploitation of CVE-2023-47105.
  • A successful probe response will return HTTP 200 with body containing 'uid=', 'code', 'success":false', and 'error' — match all four strings together to confirm vulnerable/exploited instance.
  • The vulnerability is only exploitable when Chaosblade is running in server mode; focus detection on hosts exposing the /chaosblade HTTP endpoint without authentication.
  • ·Affected version range is 0.3 through 1.7.3; the vulnerability is fixed in 1.7.4. Only instances running in server mode are exploitable.

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L
vulncheck8.6HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.