CVE-2023-38492

Summary

CVE-2023-38492 is a vulnerability that affects the Kirby content management system. Versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 are vulnerable unless the Kirby API and Panel are disabled in the configuration settings. The vulnerability allows attackers to provide a password with a length up to the server's maximum request body length, potentially causing the website to become unresponsive or unavailable. However, the impact is limited due to Kirby's built-in brute force protection feature. It is recommended to update to one of the patch releases as they also address more severe vulnerabilities. Affected products include various versions of Kirby (gZtjK0, gZtjK1, gZtjK2, gZtjK3), as well as other related products (jDIckl, jDIckn, kmwgjb, ogvQGH, sNNi-9, ogvP4W) among others. To remediate this vulnerability, users should update their Kirby installations to one of the patch releases mentioned above (3.5.8.3, 3.6.6.3, 3.7.5.,2 3..8..4..1., and 39..96). This will address not only CVE-2023-38492 but also other potentially more severe vulnerabilities. While the real-world impact of this vulnerability is limited due to built-in protection measures in Kirby, organizations should still apply the necessary updates to ensure their systems are secure against any potential attacks exploiting this vulnerability. Overall Severity Rating: MEDIUM (CVSS:3 .1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.