CVE-2023-27292
Published: 28 February 2023
Summary
CVE-2023-27292 is a medium-severity Open Redirect (CWE-601) vulnerability in OpenCATS. Its CVSS base score is 5.4 (Medium).
Operationally, it is ranked in the top 18.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-27292 is an open redirect vulnerability in OpenCATS that leads to template injection because of improper validation of user-supplied GET parameters. The flaw is tracked under CWE-601 and carries a CVSS 3.1 score of 5.4, reflecting a network attack vector, low attack complexity, low privileges required, required user interaction, and changed scope.
An attacker who can supply crafted GET parameters to an affected OpenCATS instance may leverage the open redirect to trigger template injection, resulting in limited impacts to confidentiality and integrity.
The EPSS score for this CVE rose from a low baseline to a peak of 0.0774 on 2025-12-11 before receding to the current value of 0.0147, indicating a period of increased exploitation interest after disclosure. Further details are available in the Tenable research report at https://www.tenable.com/security/research/tra-2023-8.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-31070
Vulnerability details
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.