低危 WordPress < 6.3.2 容易受到损坏的访问控制 (CVE-2023-39999)

CVE编号

CVE-2023-39999

利用情况

暂无

补丁情况

官方补丁

披露时间

2023-10-13

漏洞描述

WordPress 从6.3到6.3.1，6.2到6.2.2，6.1到6.13，6.0到6.0.5，5.9到5.9.7，5.8到5.8.7，5.7到5.7.9，5.6到5.6.11，5.5到5.5.12，5.4到5.4.13，5.3到5.3.15，5.2到5.2.18，5.1到5.1.16，5.0到5.0.19，4.9到4.9.23，4.8到4.8.22，4.7到4.7.26，4.6到4.6.26，4.5到4.5.29，4.4到4.4.30，4.3到4.3.31，4.2到4.2.35，4.1到4.1.38版本存在漏洞，可能会导致敏感信息被未授权用户获取。

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://lists.debian.org/debian-lts-announce/2023/11/msg00014.html
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technica...
https://patchstack.com/database/vulnerability/wordpress/wordpress-wordpress-c...

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 4.1	Up to (including) 4.1.38
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 4.2	Up to (including) 4.2.35
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 4.3	Up to (including) 4.3.31
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 4.4	Up to (including) 4.4.30
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 4.5	Up to (including) 4.5.29
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 4.6	Up to (including) 4.6.26
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 4.7	Up to (including) 4.7.26
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 4.8	Up to (including) 4.8.22
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 4.9	Up to (including) 4.9.23
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.0	Up to (including) 5.0.19
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.1	Up to (including) 5.1.16
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.2	Up to (including) 5.2.18
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.3	Up to (including) 5.3.15
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.4	Up to (including) 5.4.13
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.5	Up to (including) 5.5.12
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.6	Up to (including) 5.6.11
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.7	Up to (including) 5.7.9
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.8	Up to (including) 5.8.7
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 5.9	Up to (including) 5.9.7
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 6.0	Up to (including) 6.0.5
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 6.1	Up to (including) 6.1.3
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 6.2	Up to (including) 6.2.2
	运行在以下环境
	应用	wordpress	wordpress	*	From (including) 6.3	Up to (excluding) 6.3.2
	运行在以下环境
	系统	debian_10	wordpress	*		Up to (including) 5.0.15+dfsg1-0+deb10u1
	运行在以下环境
	系统	debian_11	wordpress	*		Up to (including) 5.7.8+dfsg1-0+deb11u2
	运行在以下环境
	系统	debian_12	wordpress	*		Up to (including) 6.1.1+dfsg1-1
	运行在以下环境
	系统	debian_sid	wordpress	*		Up to (excluding) 6.3.2+dfsg1-1
	运行在以下环境
	系统	fedora_37	wordpress	*		Up to (excluding) 6.2.3-1.fc37
	运行在以下环境
	系统	fedora_38	wordpress	*		Up to (excluding) 6.3.2-1.fc38
	运行在以下环境
	系统	fedora_39	wordpress	*		Up to (excluding) 6.3.2-1.fc39
	运行在以下环境
	系统	fedora_EPEL_7	wordpress	*		Up to (excluding) 5.1.17-1.el7
	运行在以下环境
系统	fedora_EPEL_9	wordpress	*		Up to (excluding) 6.3.2-1.el9

阿里云评分 3.7

• 攻击路径 本地
• 攻击复杂度 困难
• 权限要求 管控权限
• 影响范围 有限影响
• EXP成熟度 未验证
• 补丁情况 官方补丁
• 数据保密性 无影响
• 数据完整性 无影响
• 服务器危害 无影响
• 全网数量 N/A

CWE-ID	漏洞类型
CWE-200	信息暴露
NVD-CWE-noinfo

Exp相关链接

- avd.aliyun.com