SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2023-28459

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 6.5		CVSS Score :
Exploit Score: 2.8		Exploit Score:
Impact Score: 3.6		Impact Score:

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector:
Attack Complexity: LOW		Access Complexity:
Privileges Required: LOW		Authentication:
User Interaction: NONE		Confidentiality:
Scope: UNCHANGED		Integrity:
Confidentiality: HIGH		Availability:
Integrity: NONE
Availability: NONE

Reference:

https://github.com/pretalx/pretalx/commit/60722c43cf975f319e94102e6bff320723776890

https://github.com/pretalx/pretalx/releases/tag/v2.3.2

https://pretalx.com/p/news/security-release-232/

https://www.sonarsource.com/blog/pretalx-vulnerabilities-how-to-get-accepted-at-every-conference/


30481



423868



256610



909



199263



282