CVE Catalog

CVE-2023-3566

LowCVSS 3.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
1.10%

61th percentile — higher than 61% of all known CVEs

Summary

A vulnerability was found in wallabag 2.5.4 related to an unknown functionality of the file /config of the Profile Config component. Manipulation of the argument Name leads to resource allocation.

Risk Assessment

Exploitation of this vulnerability may lead to unauthorized access to system resources, posing a risk to the organization's security.

Recommendation

It is recommended to update to the latest version of wallabag and monitor the system for unauthorized activities.

Original NVD description (English source)

A vulnerability was found in wallabag 2.5.4. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /config of the component Profile Config. The manipulation of the argument Name leads to allocation of resources. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233359. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS