[Debian-med-packaging] Bug#1040597: orthanc: CVE-2023-33466
Moritz Mühlenhoff
jmm at inutil.org
Fri Jul 7 19:59:28 BST 2023
Source: orthanc
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for orthanc.

CVE-2023-33466[0]:
| Orthanc before 1.12.0 allows authenticated users with access to the
| Orthanc API to overwrite arbitrary files on the file system, and in
| specific deployment scenarios allows the attacker to overwrite the
| configuration, which can be exploited to trigger Remote Code
| Execution (RCE).

https://discourse.orthanc-server.org/t/security-advisory-for-orthanc-deployments-running-versions-before-1-12-0/3568

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-33466
    https://www.cve.org/CVERecord?id=CVE-2023-33466

Please adjust the affected versions in the BTS as needed.