H3-2023-0022¶
PaperCut Arbitrary File Read and Deletion Vulnerability
| Category | VULNERABILITY |
| Base Score | 9.4 |
Description¶
PaperCut NG/MF versions <= 22.1.2 are vulnerable to multiple issues that allow unauthenticated attackers to read or delete arbitrary files hosted on the PaperCut server.
Impact¶
Determined attackers can exploit this vulnerability to access or destroy all data hosted on the PaperCut server.
References¶
- Horizon3.ai: CVE-2023-39143: PaperCut Path Traversal/File Upload RCE Vulnerability
- Horizon3.ai: Writeup for CVE-2023-39143: PaperCut WebDAV Vulnerability
- PaperCut NG/MF Security Bulletin (July 2023)
- PaperCut NG Release History
- PaperCut Common Security Questions
- Securing your PaperCut NG/MF Server
- NVD: CVE-2023-39143
- Nuclei: PaperCut < 22.1.3 - Path Traversal