CVE-2023-45319 (GCVE-0-2023-45319)
Vulnerability from cvelistv5 – Published: 2023-11-08 15:43 – Updated: 2024-11-11 14:26
VLAI?
Title
Unauthenticated Remote Denial-of-Service (Commit) in Helix Core
Summary
In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.
Severity ?
7.5 (High)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Helix | Helix Core |
Affected:
0.0.0 , < 2023.2
(semver)
Affected: 0.0.0 , < 2023.1 Patch 2 (semver) Affected: 0.0.0 , < 2022.2 Patch 3 (semver) Affected: 0.0.0 , < 2022.1 Patch 6 (semver) Affected: 0.0.0 , < 2021.2 Patch 10 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:21:15.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://perforce.com"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "helix_core",
"vendor": "perforce",
"versions": [
{
"lessThan": "2023.1\\/patch_2\\/",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2022.2\\/patch_3\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
},
{
"lessThan": "2022.1\\/patch_6\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
},
{
"lessThan": "2021.2\\/patch_10\\/",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-45319",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:04:31.039795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:26:24.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Helix Core",
"vendor": "Helix",
"versions": [
{
"lessThan": "2023.2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2023.1 Patch 2",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.2 Patch 3",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2022.1 Patch 6",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"lessThan": "2021.2 Patch 10",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eReported by \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.\u00a0\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-04T17:21:16.038Z",
"orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"shortName": "Perforce"
},
"references": [
{
"url": "https://perforce.com"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Remote Denial-of-Service (Commit) in Helix Core ",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e",
"assignerShortName": "Perforce",
"cveId": "CVE-2023-45319",
"datePublished": "2023-11-08T15:43:58.737Z",
"dateReserved": "2023-10-24T21:47:07.849Z",
"dateUpdated": "2024-11-11T14:26:24.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perforce:helix_core:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2023.2\", \"matchCriteriaId\": \"A3D3C9B0-BDEA-4021-A6E5-22584345FD82\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.\\u00a0\\n\"}, {\"lang\": \"es\", \"value\": \"En las versiones de Helix Core anteriores a 2023.2, se identific\\u00f3 una Denegaci\\u00f3n de Servicio (DoS) remota no autenticada a trav\\u00e9s de la funci\\u00f3n commit. Reportado por Jason Geffner.\"}]",
"id": "CVE-2023-45319",
"lastModified": "2024-11-21T08:26:44.347",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@puppet.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2023-11-08T16:15:10.000",
"references": "[{\"url\": \"https://perforce.com\", \"source\": \"security@puppet.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://perforce.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}]",
"sourceIdentifier": "security@puppet.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@puppet.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-45319\",\"sourceIdentifier\":\"security@puppet.com\",\"published\":\"2023-11-08T16:15:10.000\",\"lastModified\":\"2024-11-21T08:26:44.347\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.\u00a0\\n\"},{\"lang\":\"es\",\"value\":\"En las versiones de Helix Core anteriores a 2023.2, se identific\u00f3 una Denegaci\u00f3n de Servicio (DoS) remota no autenticada a trav\u00e9s de la funci\u00f3n commit. Reportado por Jason Geffner.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@puppet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@puppet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perforce:helix_core:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2023.2\",\"matchCriteriaId\":\"A3D3C9B0-BDEA-4021-A6E5-22584345FD82\"}]}]}],\"references\":[{\"url\":\"https://perforce.com\",\"source\":\"security@puppet.com\",\"tags\":[\"Product\"]},{\"url\":\"https://perforce.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://perforce.com\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T20:21:15.407Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-45319\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-04T14:04:31.039795Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:perforce:helix_core:-:*:*:*:*:*:*:*\"], \"vendor\": \"perforce\", \"product\": \"helix_core\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2023.1\\\\/patch_2\\\\/\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2022.2\\\\/patch_3\\\\/\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2022.1\\\\/patch_6\\\\/\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2021.2\\\\/patch_10\\\\/\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-04T14:10:08.896Z\"}}], \"cna\": {\"title\": \"Unauthenticated Remote Denial-of-Service (Commit) in Helix Core \", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Helix\", \"product\": \"Helix Core\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2023.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2023.1 Patch 2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2022.2 Patch 3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2022.1 Patch 6\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"0.0.0\", \"lessThan\": \"2021.2 Patch 10\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://perforce.com\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner.\\u00a0\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eReported by \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eJason Geffner\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e.\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e\", \"shortName\": \"Perforce\", \"dateUpdated\": \"2024-01-04T17:21:16.038Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-45319\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-11T14:26:24.503Z\", \"dateReserved\": \"2023-10-24T21:47:07.849Z\", \"assignerOrgId\": \"ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e\", \"datePublished\": \"2023-11-08T15:43:58.737Z\", \"assignerShortName\": \"Perforce\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…