Vulnerabilities > CVE-2023-42361 - Server-Side Request Forgery (SSRF) vulnerability in Midori-Global Better PDF Exporter 10.0.0

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

midori-global

CWE-918

NVD

Published: 2023-11-07

Updated: 2023-11-15

Summary

Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export.

Vulnerable Configurations

Part	Description	Count
Application	Midori-Global Midori Global Better PDF Exporter 10.0.0	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=server
https://marketplace.atlassian.com/apps/5167/better-pdf-exporter-for-jira?tab=versions&hosting=datacenter
https://gccybermonks.com/posts/pdfjira/