CVE-2023-41599 - Vulnerability Details

Vendors	Products
Jfinalcms Project	Jfinalcms

Link	Providers
http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-41599", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-09-25T15:33:56.397Z", "dateReserved": "2023-08-30T00:00:00", "datePublished": "2023-09-19T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-19T01:15:50.246782"}, "descriptions": [{"lang": "en", "value": "An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:01:35.296Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-25T15:33:44.405041Z", "id": "CVE-2023-41599", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:33:56.397Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

state : PUBLISHED (string)

cveId : CVE-2023-41599 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

dateUpdated : 2024-09-25T15:33:56.397Z (string)

dateReserved : 2023-08-30T00:00:00 (string)

datePublished : 2023-09-19T00:00:00 (string)

}

containers : { »

cna : { »

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-09-19T01:15:50.246782 (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. (string)

}

]

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

version : n/a (string)

status : affected (string)

}

]

}

]

references : [ »

0 : { »

url : http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/ (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : text (string)

lang : en (string)

description : n/a (string)

}

]

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T19:01:35.296Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-09-25T15:33:44.405041Z (string)

id : CVE-2023-41599 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-25T15:33:56.397Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:01:35.296Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41599", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-25T15:33:44.405041Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-25T15:33:51.978Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/"}], "descriptions": [{"lang": "en", "value": "An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-19T01:15:50.246782"}}}, "cveMetadata": {"cveId": "CVE-2023-41599", "state": "PUBLISHED", "dateUpdated": "2024-09-25T15:33:56.397Z", "dateReserved": "2023-08-30T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-09-19T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/ (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T19:01:35.296Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-41599 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-25T15:33:44.405041Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-25T15:33:51.978Z (string)

}

]

cna : { »

affected : [ »

0 : { »

vendor : n/a (string)

product : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

references : [ »

0 : { »

url : http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/ (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : text (string)

description : n/a (string)

}

]

}

]

providerMetadata : { »

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

dateUpdated : 2023-09-19T01:15:50.246782 (string)

}

cveMetadata : { »

cveId : CVE-2023-41599 (string)

state : PUBLISHED (string)

dateUpdated : 2024-09-25T15:33:56.397Z (string)

dateReserved : 2023-08-30T00:00:00 (string)

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

datePublished : 2023-09-19T00:00:00 (string)

assignerShortName : mitre (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal."}, {"lang": "es", "value": "Un problema en el componente common/DownController.java de JFinalCMS v5.0.0 permite a los atacantes ejecutar un Directory Traversal. "}], "id": "CVE-2023-41599", "lastModified": "2024-11-21T08:21:20.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-19T02:15:58.607", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Product"], "url": "http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Product"], "url": "http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0813B8F4-66B1-42C6-83A7-831B13233428 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. (string)

}

1 : { »

lang : es (string)

value : Un problema en el componente common/DownController.java de JFinalCMS v5.0.0 permite a los atacantes ejecutar un Directory Traversal. (string)

}

]

id : CVE-2023-41599 (string)

lastModified : 2024-11-21T08:21:20.350 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 1.4 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-09-19T02:15:58.607 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Product (string)

]

url : http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/ (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Product (string)

]

url : http://www.so1lupus.ltd/2023/08/28/Directory-traversal-in-JFinalCMS/ (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object