CVE-2023-5588

low-risk

Published 2023-10-15

A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187.

Do I need to act?

0.53% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.6/10 Low

ADJACENT_NETWORK / HIGH complexity

Affected Products (1)

Pleroma

Affected Vendors

Kpherox

References (8)

Patch https://github.com/kphrx/pleroma/commit/2c795094535537a8607cc0d3b7f076a609636f40

Patch https://github.com/kphrx/pleroma/pull/197

Permissions Required https://vuldb.com/?ctiid.242187

Third Party Advisory https://vuldb.com/?id.242187

Patch https://github.com/kphrx/pleroma/commit/2c795094535537a8607cc0d3b7f076a609636f40

Patch https://github.com/kphrx/pleroma/pull/197

Permissions Required https://vuldb.com/?ctiid.242187

Third Party Advisory https://vuldb.com/?id.242187

/ 100

low-risk

Severity 7/34 · Low

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal