CVE-2023-43661
Published: 11 October 2023
Summary
CVE-2023-43661 is a high-severity Code Injection (CWE-94) vulnerability in All-Three Cachet. Its CVSS base score is 8.8 (High).
Operationally, it is ranked in the top 4.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Cachet, the open-source status page system, contains a remote code execution vulnerability in its template functionality prior to the 2.4 branch. The issue stems from inadequate input filtration combined with an outdated Twig templating engine, enabling arbitrary code execution on the server when users create or process templates. The flaw is tracked under CWE-94 and CWE-74 and carries a CVSS 3.1 base score of 8.8.
An authenticated user with template-creation privileges can exploit the weakness over the network without user interaction, resulting in full compromise of confidentiality, integrity, and availability on the affected server. The attack requires low complexity and occurs in a single privilege context.
The GitHub security advisory GHSA-hv79-p62r-wg3p and the referenced commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 document the fix that was merged into the 2.4 branch. The EPSS score has remained flat at 0.1817 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-2753
Vulnerability details
Cachet is an open-source status page system. Prior to the 2.4 branch, the template functionality, which allows users to create templates, lets them execute any code on the server because of bad filtration and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.
Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.
Validates inputs used in dynamic code generation to block injected directives.
Directly prevents execution of attacker-supplied code written into data memory regions.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.