CVE-2023-42222
First published: Thu Sep 28 2023(Updated: )
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Webcatalog | <49.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-42222?
CVE-2023-42222 is a vulnerability in WebCatalog versions before 49.0 that allows for Incorrect Access Control.
What is the severity of CVE-2023-42222?
CVE-2023-42222 has a severity rating of high (8.8).
How does CVE-2023-42222 affect WebCatalog?
CVE-2023-42222 affects WebCatalog versions before 49.0 by allowing the Electron shell.openExternal function to be called without verifying the URL is for an http or https resource.
How can I fix CVE-2023-42222?
To fix CVE-2023-42222, users should update their WebCatalog software to version 49.0 or higher.
Where can I find more information about CVE-2023-42222?
More information about CVE-2023-42222 can be found at the following references: - GitHub: https://github.com/itssixtyn3in/CVE-2023-42222 - WebCatalog Changelog: https://webcatalog.io/changelog/ - ElectronJS Security Tutorial: https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/first-publish-date
- agent/description
- agent/event
- agent/last-modified-date
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- vendor/webcatalog
- canonical/webcatalog