CVE-2023-38692
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-38692
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-38692.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-38692
- Aliases
-
- GHSA-7wrc-f42m-9v5w
- Published
- 2023-08-04T17:22:39Z
- Modified
- 2025-10-30T20:21:40.927292Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Command injection vulnerability in module management function in CloudExplorer Lite
- Details
-
CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading.
- Database specific
{ "cwe_ids": [ "CWE-78" ] }- References
-
- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/blob/v1.3.0/framework/management-center/backend/src/main/java/com/fit2cloud/controller/ModuleManageController.java
- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/releases/tag/v1.3.1
- https://github.com/CloudExplorer-Dev/CloudExplorer-Lite/security/advisories/GHSA-7wrc-f42m-9v5w
Affected packages
Git / github.com/cloudexplorer-dev/cloudexplorer-lite
Affected versions
v0.*
v0.1
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v1.*
v1.0.0
v1.0.1
v1.1.0
v1.2.0
v1.3.0
Database specific
vanir_signatures
[
{
"id": "CVE-2023-38692-01706363",
"source": "https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/979313e6482776ceabd4a11826ceadd365ff16dc",
"signature_type": "Line",
"target": {
"file": "services/vm-service/backend/src/main/java/com/fit2cloud/provider/impl/proxmox/util/MappingUtil.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"72958252095804800244958242272158981739",
"252721935288580094235022299725520647371",
"39071595825185798700529216863179136991",
"164011506452325127186904848201218370911",
"277492217978036439434487983801460969177",
"113700882711886058536310994182406963377",
"339487948216812093660448187557831606010",
"249159489610744054233937697697874999414"
],
"threshold": 0.9
}
},
{
"id": "CVE-2023-38692-0f398fa0",
"source": "https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/979313e6482776ceabd4a11826ceadd365ff16dc",
"signature_type": "Line",
"target": {
"file": "services/vm-service/backend/src/main/java/com/fit2cloud/provider/impl/proxmox/api/SyncApi.java"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"line_hashes": [
"253660695490929046147969088787679577754",
"58972518012307241043379274594178791212",
"117307957209062536725248668091642741449",
"202143810589741899900326034187876851911"
],
"threshold": 0.9
}
},
{
"id": "CVE-2023-38692-1ebf025d",
"source": "https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/979313e6482776ceabd4a11826ceadd365ff16dc",
"signature_type": "Function",
"target": {
"file": "services/vm-service/backend/src/main/java/com/fit2cloud/provider/impl/proxmox/api/SyncApi.java",
"function": "getF2CVirtualMachineById"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 362.0,
"function_hash": "142351393510384714093803701412222086364"
}
},
{
"id": "CVE-2023-38692-e7e984a4",
"source": "https://github.com/cloudexplorer-dev/cloudexplorer-lite/commit/979313e6482776ceabd4a11826ceadd365ff16dc",
"signature_type": "Function",
"target": {
"file": "services/vm-service/backend/src/main/java/com/fit2cloud/provider/impl/proxmox/util/MappingUtil.java",
"function": "toF2CVirtualMachine"
},
"deprecated": false,
"signature_version": "v1",
"digest": {
"length": 1889.0,
"function_hash": "249173719826049096637626567998334280261"
}
}
]