CVE-2023-5104 - Vulnerability Details

Vendors	Products
Nocodb	Nocodb
Xgenecloud	Nocodb

Link	Providers
https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2
https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0

Type	Values Removed	Values Added
First Time appeared		Nocodb Nocodb nocodb
CPEs		cpe:2.3:a:nocodb:nocodb::::::::
Vendors & Products		Nocodb Nocodb nocodb
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5104", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntrdev", "dateReserved": "2023-09-21T08:44:05.527Z", "datePublished": "2023-09-21T08:44:16.801Z", "dateUpdated": "2024-09-24T16:37:13.074Z"}, "containers": {"cna": {"title": "Improper Input Validation in nocodb/nocodb", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-09-21T08:44:16.801Z"}, "descriptions": [{"lang": "en", "value": "Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0."}], "affected": [{"vendor": "nocodb", "product": "nocodb/nocodb", "versions": [{"version": "unspecified", "lessThan": "0.96.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0"}, {"url": "https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "baseScore": 5.7, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-20 Improper Input Validation", "cweId": "CWE-20"}]}], "source": {"advisory": "1b5c6d9f-941e-4dd7-a964-42b53d6826b0", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.785Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0", "tags": ["x_transferred"]}, {"url": "https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "nocodb", "product": "nocodb", "cpes": ["cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "0.96.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-24T16:35:44.142332Z", "id": "CVE-2023-5104", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T16:37:13.074Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2023-5104 (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

state : PUBLISHED (string)

assignerShortName : @huntrdev (string)

dateReserved : 2023-09-21T08:44:05.527Z (string)

datePublished : 2023-09-21T08:44:16.801Z (string)

dateUpdated : 2024-09-24T16:37:13.074Z (string)

}

containers : { »

cna : { »

title : Improper Input Validation in nocodb/nocodb (string)

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2023-09-21T08:44:16.801Z (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. (string)

}

]

affected : [ »

0 : { »

vendor : nocodb (string)

product : nocodb/nocodb (string)

versions : [ »

0 : { »

version : unspecified (string)

lessThan : 0.96.0 (string)

status : affected (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0 (string)

}

1 : { »

url : https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2 (string)

}

]

metrics : [ »

0 : { »

cvssV3_0 : { »

version : 3.0 (string)

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H (string)

baseScore : 5.7 (number)

baseSeverity : MEDIUM (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

type : CWE (string)

lang : en (string)

description : CWE-20 Improper Input Validation (string)

cweId : CWE-20 (string)

}

]

}

]

source : { »

advisory : 1b5c6d9f-941e-4dd7-a964-42b53d6826b0 (string)

discovery : EXTERNAL (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T07:44:53.785Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

}

1 : { »

affected : [ »

0 : { »

vendor : nocodb (string)

product : nocodb (string)

cpes : [ »

0 : cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:* (string)

]

defaultStatus : unknown (string)

versions : [ »

0 : { »

version : 0 (string)

status : affected (string)

lessThan : 0.96.0 (string)

versionType : custom (string)

}

]

}

]

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2024-09-24T16:35:44.142332Z (string)

id : CVE-2023-5104 (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-24T16:37:13.074Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0", "tags": ["x_transferred"]}, {"url": "https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:44:53.785Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5104", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-24T16:35:44.142332Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:*"], "vendor": "nocodb", "product": "nocodb", "versions": [{"status": "affected", "version": "0", "lessThan": "0.96.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-24T16:37:04.077Z"}}], "cna": {"title": "Improper Input Validation in nocodb/nocodb", "source": {"advisory": "1b5c6d9f-941e-4dd7-a964-42b53d6826b0", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "nocodb", "product": "nocodb/nocodb", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.96.0", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0"}, {"url": "https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2"}], "descriptions": [{"lang": "en", "value": "Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-09-21T08:44:16.801Z"}}}, "cveMetadata": {"cveId": "CVE-2023-5104", "state": "PUBLISHED", "dateUpdated": "2024-09-24T16:37:13.074Z", "dateReserved": "2023-09-21T08:44:05.527Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2023-09-21T08:44:16.801Z", "assignerShortName": "@huntrdev"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0 (string)

tags : [ »

0 : x_transferred (string)

]

}

1 : { »

url : https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2 (string)

tags : [ »

0 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-02T07:44:53.785Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2023-5104 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : poc (string)

}

1 : { »

Automatable : no (string)

}

2 : { »

Technical Impact : partial (string)

}

]

version : 2.0.3 (string)

timestamp : 2024-09-24T16:35:44.142332Z (string)

}

]

affected : [ »

0 : { »

cpes : [ »

0 : cpe:2.3:a:nocodb:nocodb:*:*:*:*:*:*:*:* (string)

]

vendor : nocodb (string)

product : nocodb (string)

versions : [ »

0 : { »

status : affected (string)

version : 0 (string)

lessThan : 0.96.0 (string)

versionType : custom (string)

}

]

defaultStatus : unknown (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2024-09-24T16:37:04.077Z (string)

}

]

cna : { »

title : Improper Input Validation in nocodb/nocodb (string)

source : { »

advisory : 1b5c6d9f-941e-4dd7-a964-42b53d6826b0 (string)

discovery : EXTERNAL (string)

}

metrics : [ »

0 : { »

cvssV3_0 : { »

scope : UNCHANGED (string)

version : 3.0 (string)

baseScore : 5.7 (number)

attackVector : NETWORK (string)

baseSeverity : MEDIUM (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H (string)

integrityImpact : NONE (string)

userInteraction : REQUIRED (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : LOW (string)

confidentialityImpact : NONE (string)

}

]

affected : [ »

0 : { »

vendor : nocodb (string)

product : nocodb/nocodb (string)

versions : [ »

0 : { »

status : affected (string)

version : unspecified (string)

lessThan : 0.96.0 (string)

versionType : custom (string)

}

]

}

]

references : [ »

0 : { »

url : https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0 (string)

}

1 : { »

url : https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2 (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-20 (string)

description : CWE-20 Improper Input Validation (string)

}

]

}

]

providerMetadata : { »

orgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

shortName : @huntrdev (string)

dateUpdated : 2023-09-21T08:44:16.801Z (string)

}

cveMetadata : { »

cveId : CVE-2023-5104 (string)

state : PUBLISHED (string)

dateUpdated : 2024-09-24T16:37:13.074Z (string)

dateReserved : 2023-09-21T08:44:05.527Z (string)

assignerOrgId : c09c270a-b464-47c1-9133-acb35b22c19a (string)

datePublished : 2023-09-21T08:44:16.801Z (string)

assignerShortName : @huntrdev (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xgenecloud:nocodb:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF4594AD-B668-43AA-8A82-BFB6DD12CC29", "versionEndExcluding": "0.96.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0."}, {"lang": "es", "value": "Validaci\u00f3n de Entrada Incorrecta en el repositorio de GitHub nocodb/nocodb anterior a 0.96.0."}], "id": "CVE-2023-5104", "lastModified": "2024-11-21T08:41:04.137", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-21T09:15:10.063", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@huntr.dev", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:xgenecloud:nocodb:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BF4594AD-B668-43AA-8A82-BFB6DD12CC29 (string)

versionEndExcluding : 0.96.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. (string)

}

1 : { »

lang : es (string)

value : Validación de Entrada Incorrecta en el repositorio de GitHub nocodb/nocodb anterior a 0.96.0. (string)

}

]

id : CVE-2023-5104 (string)

lastModified : 2024-11-21T08:41:04.137 (string)

metrics : { »

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 5.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.1 (number)

impactScore : 3.6 (number)

source : security@huntr.dev (string)

type : Secondary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 6.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : NONE (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2023-09-21T09:15:10.063 (string)

references : [ »

0 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2 (string)

}

1 : { »

source : security@huntr.dev (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

]

url : https://github.com/nocodb/nocodb/commit/db0385cb8aab2a34e233454607f59152ac62b3e2 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://huntr.dev/bounties/1b5c6d9f-941e-4dd7-a964-42b53d6826b0 (string)

}

]

sourceIdentifier : security@huntr.dev (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : security@huntr.dev (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object