CVE-2023-6383
Debug Log Manager < 2.3.0 - Sensitive Logs Exposure
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data
El complemento Debug Log Manager de WordPress anterior a 2.3.0 contiene una vulnerabilidad de listado de directorio que le permite descargar el registro de depuraciĆ³n sin autorizaciĆ³n y obtener acceso a datos confidenciales.
The Debug Log Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2 due to directory listing allowed in the folder housing debug logs. This makes it possible for unauthenticated attackers to extract data from debug logs.
*Credits:
Dmitrii Ignatyev, WPScan
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-29 CVE Reserved
- 2023-12-13 CVE Published
- 2024-01-12 EPSS Updated
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-862: Missing Authorization
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb | 2024-08-02 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Bowo Search vendor "Bowo" | Debug Log Manager Search vendor "Bowo" for product "Debug Log Manager" | < 2.3.0 Search vendor "Bowo" for product "Debug Log Manager" and version " < 2.3.0" | wordpress |
Affected
|