PT-2023-29650 · Cfengine · Cfengine Enterprise
Chad Deguira +1 · Published 2023-11-14 · Updated 2026-01-08
CVE-2023-45684
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
CFEngine Enterprise versions 3.6.0 through 3.18.5
CFEngine Enterprise versions 3.21.0 through 3.21.2
Description
The Mission Portal login page of the CFEngine hub is vulnerable to SQL injection. The CVSS vector rates the issue as reachable over the network with no privileges or user interaction required, and with high impact on confidentiality.
Recommendations
For CFEngine Enterprise versions 3.6.0 through 3.18.5, update to version 3.18.6.
For CFEngine Enterprise versions 3.21.0 through 3.21.2, update to version 3.21.3.
As a temporary workaround, consider restricting access to the Mission Portal login page until a patch is applied.
Fix
SQL injection
Affected Products
Cfengine Enterprise