CVSS 3.1 Score 4.9 of 10 (medium)


Published Nov 7, 2023
Updated: Nov 15, 2023
CWE ID 200


CVE-2023-46851 affects Apache Allura versions 1.0.1 through 1.15.0. Project administrators can run imports that cause Allura to read local files and expose them, potentially leading to session hijacking or remote code execution. To remediate this issue, upgrade to version 1.16.0 or, if upgrading is not possible, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in the .ini config file. According to NIST's analysis, the vulnerability has a base severity of MEDIUM and a base score of 4.9, so organizations running affected versions of Apache Allura remain exposed until they upgrade or apply the config change.
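
One way to check a deployment against the version range and workaround above, as an added example (not Apache Allura or Recorded Future code). The function names, the [app:main] section name and the sample config are assumptions constructed for illustration; the check scans every section, so it does not depend on where the option is set.

```python
import configparser
import re

AFFECTED_MIN = (1, 0, 1)    # first affected version per the advisory
AFFECTED_MAX = (1, 15, 0)   # last affected version; 1.16.0 carries the fix
OPTION = "disable_entry_points.allura.importers"
REQUIRED = {"forge-tracker", "forge-discussion"}

# Constructed sample: only one of the two importers is disabled.
SAMPLE_INI = """\
[app:main]
disable_entry_points.allura.importers = forge-tracker
"""


def parse_version(text):
    """Turn '1.15.0' into (1, 15, 0); missing components count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def disabled_importers(ini_text):
    """Collect importers disabled via OPTION in any section of the .ini."""
    # interpolation=None: Paste-style files use %(here)s, which must stay raw.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(ini_text)
    found = set()
    for section in [parser.defaults()] + [parser[s] for s in parser.sections()]:
        value = section.get(OPTION, "")
        found |= {v.strip() for v in value.split(",") if v.strip()}
    return found


def assess(version, ini_text):
    """Return (status, missing_importers) for one deployment."""
    if not AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX:
        return "not-affected", set()
    missing = REQUIRED - disabled_importers(ini_text)
    return ("mitigated" if not missing else "exposed"), missing


if __name__ == "__main__":
    status, missing = assess("1.15.0", SAMPLE_INI)
    print(status, sorted(missing))
```

A partial workaround is reported as "exposed" together with the importer that is still enabled, since the advisory lists both forge-tracker and forge-discussion.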
