CVE-2023-45383 : Security Advisory and Response

Discover the impact of CVE-2023-45383, a flaw in the SoNice etiquetage module allowing unauthorized access to personal information. Learn about mitigation steps.

A security vulnerability has been identified in the module "SoNice etiquetage" from Common-Services for PrestaShop, allowing a guest to download personal information through a path traversal attack.

Understanding CVE-2023-45383

This CVE identifies a flaw in the SoNice etiquetage module up to version 2.5.9, enabling unauthorized access to sensitive data.

What is CVE-2023-45383?

The vulnerability in the module allows a guest to perform a path traversal attack, bypassing permissions control to view all files on the information system.

The Impact of CVE-2023-45383

Exploitation of this vulnerability could lead to unauthorized access to sensitive personal information stored on the system, potentially compromising user privacy and security.

Technical Details of CVE-2023-45383

The technical details of the CVE-2023-45383 vulnerability are as follows:

Vulnerability Description

An unauthorized guest can exploit the lack of permissions control and path name construction flaws to download personal information.

Affected Systems and Versions

The SoNice etiquetage module up to version 2.5.9 from Common-Services for PrestaShop is affected by this vulnerability.

Exploitation Mechanism

By performing a path traversal attack, a guest can bypass restrictions and access personal information stored on the system.

Mitigation and Prevention

To mitigate the risks associated with CVE-2023-45383, the following steps can be taken:

Immediate Steps to Take

        Disable or remove the SoNice etiquetage module if not essential for operations.
        Monitor system logs for any unusual file access attempts.
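
One way to carry out the log-monitoring step, as an added example that is not part of the original advisory or the module's code: it scans web server access-log lines for requests under the module's directory whose parameters decode to ".." path segments or absolute paths. The module directory placeholder, the download.php script name, the "file" parameter and the sample log lines are all constructed assumptions; replace the prefix with the module's real directory on your shop.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: placeholder for the module's directory under /modules/.
MODULE_PREFIX = "/modules/MODULE_DIR_PLACEHOLDER/"

# Common/combined log format: client, timestamp, method, target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# A ".." path segment delimited by / or \ (or the ends of the value).
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded separators are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines, prefix=MODULE_PREFIX):
    """Return (client, status, parameter) for each flagged module request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _ts, _method, target, status = m.groups()
        parts = urlsplit(target)
        if not fully_decode(parts.path).startswith(prefix):
            continue  # only requests aimed at the module are of interest
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(raw)
            if TRAVERSAL_RE.search(value) or value.startswith(("/", "\\")):
                hits.append((client, int(status), name))
                break
    return hits

# Constructed sample lines (not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /modules/MODULE_DIR_PLACEHOLDER/download.php?file=label_1001.pdf HTTP/1.1" 200 5120',
    '198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /modules/MODULE_DIR_PLACEHOLDER/download.php?file=..%2F..%2Fplaceholder.txt HTTP/1.1" 200 812',
    '198.51.100.23 - - [10/Oct/2023:13:56:05 +0000] "GET /modules/MODULE_DIR_PLACEHOLDER/download.php?file=%252e%252e%252fplaceholder.txt HTTP/1.1" 403 199',
    '192.0.2.50 - - [10/Oct/2023:13:57:11 +0000] "GET /index.php?controller=cart&file=../x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

A flagged request that returned status 200 deserves attention first, since the server answered it rather than rejecting it.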

Long-Term Security Practices

        Implement strong permissions control and access restrictions.
        Regularly update and patch software to address known vulnerabilities.

Patching and Updates

Ensure that the SoNice etiquetage module is updated to a secure version that addresses the path traversal vulnerability.
