CVE-2023-33181

EUVD-2023-37364
Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
GitHub_MCNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
Affected Products (NVD)
VendorProductVersion
xibosignagexibo
3.0.0 ≤
𝑥
< 3.3.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://claroty.com/team82/disclosure-dashboard
https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m
https://xibosignage.com/blog/security-advisory-2023-05/
https://claroty.com/team82/disclosure-dashboard
https://github.com/xibosignage/xibo-cms/security/advisories/GHSA-c9cx-ghwr-x58m
https://xibosignage.com/blog/security-advisory-2023-05/