PT-2023-4921 · Artbees · Artbees Jupiterx Core

Rafie Muhammad · Published 2023-08-25 · Updated 2024-06-24 · CVE-2023-38389

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Artbees JupiterX Core versions n/a through 3.3.8

Description: The issue is related to incorrect authorization in Artbees JupiterX Core, allowing access to functionality not properly constrained by ACLs. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. Approximately 4,731,865 results are affected, and around 180,000 WordPress sites are infected.

Recommendations: For Artbees JupiterX Core versions n/a through 3.3.8, update to a version later than 3.3.8 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable functionality until a patch is available. Avoid using the vulnerable plugin until the issue is resolved.

Exploit

Fix

Incorrect Authorization

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2023-05433
CVE-2023-38389

Affected Products

Artbees Jupiterx Core