CVE-2023-45684

Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub.

Published: Nov 14, 2023
Updated: Nov 21, 2023
CVE: CVE-2023-45684
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
northern.tech / cfengine	-	3.18.6
northern.tech / cfengine	3.19.0	3.21.3

https://cfengine.com/blog/2023/cve-2023-45684/

Vulnerability Database

289,871

CVE-2023-45684