CVE-2023-32315

Description

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire releases 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be-released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn't available for a specific release, or isn't quickly actionable, users may see the linked GitHub advisory (GHSA-gw42-f939-fhvm) for mitigation advice.

NVD
Severity: HIGH
CVE ID: CVE-2023-32315
CVSS Score: 7.5
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GitHub, Inc.
Severity: HIGH
CVE ID: CVE-2023-32315
CVSS Score: 8.6
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2023-32315
ohnonoyesyes

Reference: GitHub

tangxiaofeng7

rce

Reference: GitHub

5rGJ5aCh5oCq5YW9

Reference: GitHub

miko550

Openfire Console Authentication Bypass Vulnerability with RCE plugin

Reference: GitHub

ThatNotEasy

Perform With Massive Openfire Unauthenticated Users

Reference: GitHub

izzz0

CVE-2023-32315-Openfire-Bypass

Reference: GitHub

gibran-abdillah

Tool for CVE-2023-32315 exploitation

Reference: GitHub

CN016

Openfire unauthenticated access to RCE (CVE-2023-32315) reproduction

Reference: GitHub

K3ysTr0K3R

A PoC exploit for CVE-2023-32315 - Openfire Authentication Bypass

Reference: GitHub

Content on GitHub

bingtangbanli | watchers:10

VulnerabilityTools
[CVE_2023_28432 vulnerability, CVE_2023_32315 vulnerability, ThinkPHP 2.x arbitrary code execution vulnerability, ThinkPHP5 5.0.22/5.1.29 remote code execution vulnerability, ThinkPHP5 5.0.23 remote code execution vulnerability, ThinkPHP multi-language local file inclusion vulnerability]

Reference: GitHub