CVE-2023-0093
CVSS V2 None
CVSS V3 None
Description
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.
Overview
- CVE ID
- CVE-2023-0093
- Assigner
- psirt@okta.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-03-06T21:15:10
- Last Modified Date
- 2023-03-13T15:25:50
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:okta:advanced_server_access:*:*:*:*:*:*:*:* | 1 | OR | 1.13.1 | 1.68.2 |
References
| Reference URL | Reference Tags |
|---|---|
| https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2023-0093/ | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-0093 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0093 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 06:00:06 | Added to TrackCVE | |||
| 2023-04-17 06:00:07 | Weakness Enumeration | new |