CVE-2023-7279

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published Sep 2, 2024
Updated: Sep 5, 2024
CWE ID 1333

Summary

CVE-2023-7279 is a vulnerability identified in Secure Systems Engineering Connaisseur versions up to 3.3.0, specifically affecting the Delegation Name Handler component in the file connaisseur/res/targets_schema.json. This vulnerability allows for inefficient regular expression complexity, which poses a medium severity risk, primarily due to its high attack complexity despite being exploitable over a network with no required user interaction. To mitigate this risk, users are advised to upgrade to version 3.3.1, which includes a patch identified by commit 524b73ff7306707f6d3a4d1e86401479bca91b02. Affected products include various instances of Connaisseur, with potential impacts on availability but no confidentiality or integrity risks reported. As of the latest update, the vulnerability has been classified with an exploitability score of 2.2 and a base score of 5.9 on the CVSS scale.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share