Firefly III vulnerable to improper input validation · CVE-2023-1789 · GitHub Advisory Database · GitHub

Firefly III vulnerable to improper input validation

Moderate severity GitHub Reviewed Published Apr 1, 2023 to the GitHub Advisory Database • Updated Apr 15, 2023

Package

grumpydictator/firefly-iii (Composer)

Affected versions

< 6.0.0

Patched versions

6.0.0

Description

Firefly III versions prior to 6.0.0 are vulnerable to improper input validation.

References

Published by the National Vulnerability Database

Apr 1, 2023

Published to the GitHub Advisory Database Apr 1, 2023

Reviewed Apr 3, 2023

Last updated Apr 15, 2023

Severity

Moderate

5.9

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L