PT-2024-15266 · Secure Systems Engineering · Secure Systems Engineering Connaisseur
Starkteetje · Published 2024-09-02 · Updated 2024-11-01 · CVE-2023-7279
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Secure Systems Engineering Connaisseur versions up to 3.3.0
Description
A vulnerability has been found in Secure Systems Engineering Connaisseur. It affects unknown code in the file connaisseur/res/targets_schema.json of the Delegation Name Handler component. Manipulation leads to inefficient regular expression complexity. The attack complexity is rather high, and exploitation appears to be difficult.
Recommendations
To address this issue, upgrade to version 3.3.1. As a temporary workaround, consider restricting access to the vulnerable Delegation Name Handler component until the patch is applied.
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Secure Systems Engineering Connaisseur