Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:engelsystem:engelsystem:3.4.1:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-45659 | Engelsystem is a shift planning system for chaos events. If a user's password is compromised and an attacker has gained access to the user's account, i.e., logged in and obtained a session, the attacker's session is not terminated if the user's account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability. Published: October 16, 2023; 8:15:11 PM -0400 | V3.1: 2.8 LOW; V2.0: (not available) |
CVE-2023-45152 | Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication. Published: October 16, 2023; 8:15:11 PM -0400 | V3.1: 2.3 LOW; V2.0: (not available) |