CVE-2023-43784
First published: Fri Sep 22 2023(Updated: )
** DISPUTED ** Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. NOTE: the vendor's position is that there is no security threat.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Plesk | =17.8.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-43784?
The severity of CVE-2023-43784 is high.
What is Plesk Onyx 17.8.11?
Plesk Onyx 17.8.11 is a version of the Plesk control panel software.
What is the impact of CVE-2023-43784?
CVE-2023-43784 can potentially expose accessKeyId and secretAccessKey related to an Amazon AWS Firehose, leading to unauthorized access or data breaches.
How can I mitigate the vulnerability in Plesk Onyx 17.8.11?
To mitigate the vulnerability in Plesk Onyx 17.8.11, it is recommended to disable or remove the accessKeyId and secretAccessKey fields related to the Amazon AWS Firehose component.
Where can I find more information about the vulnerability?
You can find more information about the vulnerability in CVE-2023-43784 from the official Amazon IAM User Guide and the Plesk community forum.
- agent/references
- agent/author
- agent/type
- agent/severity
- agent/weakness
- agent/status
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- agent/event
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- status/disputed
- vendor/plesk
- canonical/plesk
- version/plesk/17.8.11