CVE-2023-38492

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jul 27, 2023
Updated: Aug 3, 2023
CWE ID 770

Summary

CVE-2023-38492 is a vulnerability that affects the Kirby content management system. Versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 are vulnerable unless the Kirby API and Panel are disabled in the configuration settings. The vulnerability allows attackers to provide a password with a length up to the server's maximum request body length, potentially causing the website to become unresponsive or unavailable. However, the impact is limited due to Kirby's built-in brute force protection feature. It is recommended to update to one of the patch releases as they also address more severe vulnerabilities. Affected products include various versions of Kirby (gZtjK0, gZtjK1, gZtjK2, gZtjK3), as well as other related products (jDIckl, jDIckn, kmwgjb, ogvQGH, sNNi-9, ogvP4W) among others. To remediate this vulnerability, users should update their Kirby installations to one of the patch releases mentioned above (3.5.8.3, 3.6.6.3, 3.7.5.,2 3..8..4..1., and 39..96). This will address not only CVE-2023-38492 but also other potentially more severe vulnerabilities. While the real-world impact of this vulnerability is limited due to built-in protection measures in Kirby, organizations should still apply the necessary updates to ensure their systems are secure against any potential attacks exploiting this vulnerability. Overall Severity Rating: MEDIUM (CVSS:3 .1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Leverage our Vulnerability Intelligence module to secure your systems now - get detailed insights on CVE-2024-37364. Book your demo today.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-38492 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options