What is CVE-2023-38492?

CVE-2023-38492 is a medium-severity vulnerability in Getkirby Kirby, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 5.3/10. Published 2023-07-27.

How severe is CVE-2023-38492?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Resource exhaustion in Getkirby Kirby

CVE-2023-38492

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). The real-world i…

EPSS: 0.001 (32.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Getkirby Kirby — versions < 3.5.8.3, >= 3.6.0, < 3.6.6.3, >= 3.7.0, < 3.7.5.2

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

References

https://github.com/getkirby/kirby/security/advisories/GHSA-3v6j-v3qc-cxff (x_refsource_CONFIRM)
https://github.com/getkirby/kirby/commit/0e10ce3b0c2b88656564b8ff518ddc99136ac43e (x_refsource_MISC)
https://github.com/getkirby/kirby/releases/tag/3.5.8.3 (x_refsource_MISC)
https://github.com/getkirby/kirby/releases/tag/3.6.6.3 (x_refsource_MISC)
https://github.com/getkirby/kirby/releases/tag/3.7.5.2 (x_refsource_MISC)
https://github.com/getkirby/kirby/releases/tag/3.8.4.1 (x_refsource_MISC)
https://github.com/getkirby/kirby/releases/tag/3.9.6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-38492?: CVE-2023-38492 is a medium-severity vulnerability in Getkirby Kirby, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 5.3/10. Published 2023-07-27.
How severe is CVE-2023-38492?: Medium severity. CVSS v3 base score is 5.3 out of 10.