CVE-2023-25759

CVSS V2 None CVSS V3 None

Description

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request payload.

Overview

CVE ID
CVE-2023-25759

Assigner
cve@mitre.org

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-19T12:15:08

Last Modified Date
2023-04-19T12:39:28

References

Reference URL	Reference Tags
https://tripleplay.tv
https://tripleplay.tv/wp-content/uploads/2023/03/CVE-2023-25759-Summary.pdf

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-25759
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25759

History

Created	Old Value	New Value	Data Type	Notes
2023-04-19 13:01:27				Added to TrackCVE
2023-04-25 13:01:19	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated