CVE-2023-39691

9.8 CRITICAL

📋 TL;DR

This vulnerability in kodbox allows attackers to create administrator accounts without authentication via specially crafted GET requests. Any system running vulnerable versions of kodbox is affected, potentially giving attackers full control over the application.

💻 Affected Systems

Products:
  • kodbox
Versions: through version 1.43
Operating Systems: All platforms running kodbox
Default Config Vulnerable: ⚠️ Yes
Notes: All installations up to version 1.43 are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the kodbox instance with attacker gaining administrative privileges, leading to data theft, system takeover, and potential lateral movement.

🟠

Likely Case

Attackers create backdoor admin accounts to maintain persistent access, exfiltrate sensitive files, and modify system configurations.

🟢

If Mitigated

Limited impact if network segmentation prevents external access and strong authentication controls are in place.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP requests without authentication, making internet-facing instances immediate targets.
🏢 Internal Only: HIGH - Even internal instances are vulnerable to insider threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a crafted HTTP GET request, making it trivial for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 1.44 or later

Vendor Advisory: https://github.com/kalcaddle/kodbox

Restart Required: No

Instructions:

1. Back up your kodbox installation and data.
2. Download the latest version from the official repository.
3. Replace the existing installation files with the updated version.
4. Verify the update by checking the version number.

🔧 Temporary Workarounds

Network Access Restriction

linux

Restrict network access to kodbox instances using firewall rules. Replace trusted_ip_range with your own source network in CIDR form; because -A appends in order, the ACCEPT rules must be added before the DROP rules, as shown.

iptables -A INPUT -p tcp --dport 80 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_ip_range -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

Web Application Firewall

all

Deploy WAF rules to block suspicious GET requests targeting admin account creation

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate kodbox instances from untrusted networks
  • Enable detailed logging and monitoring for suspicious admin account creation activities

🔍 How to Verify

Check if Vulnerable:

Check if kodbox version is 1.43 or earlier by examining the version file or admin panel

Check Version:

grep -ri 'version' /path/to/kodbox/installation/ | grep -Ei '\b1\.([0-3][0-9]*|4[0-3])\b'

Verify Fix Applied:

Confirm version is 1.44 or later and test that admin account creation requires proper authentication

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET requests to admin/user creation endpoints
  • New admin accounts created from unexpected IP addresses
  • Multiple failed login attempts followed by successful admin creation

Network Indicators:

  • HTTP GET requests with suspicious parameters to kodbox admin endpoints
  • Traffic patterns showing admin account creation from external sources

SIEM Query:

source="web_logs" AND (uri="*admin*" OR uri="*user*create*") AND method="GET" AND status=200
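The same log indicators, applied offline to web-server access logs, as an added example that is not part of the advisory or of kodbox itself: it parses combined-format lines, flags successful GET requests to admin or user-creation URIs that come from outside an assumed trusted network, and counts hits per source address. The sample log lines and the request paths in them are constructed for illustration, and the trusted range is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample access-log lines (combined log format); request paths are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2023:10:01:12 +0000] "GET /index.php?user/create&name=x HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.5 - - [10/Aug/2023:10:02:30 +0000] "GET /index.php?admin/setting HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2023:10:03:02 +0000] "GET /index.php?explorer/list HTTP/1.1" 200 4096 "-" "curl/8.0"
198.51.100.9 - - [10/Aug/2023:10:04:45 +0000] "GET /index.php?user/create&name=y HTTP/1.1" 200 512 "-" "python-requests/2.31"
10.0.0.5 - - [10/Aug/2023:10:05:10 +0000] "POST /index.php?user/login HTTP/1.1" 401 128 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Same URI condition as the SIEM query above: "admin" anywhere, or "user" followed by "create".
SUSPICIOUS_URI = re.compile(r'admin|user.*create', re.IGNORECASE)
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_trusted(ip, trusted_nets):
    return any(ipaddress.ip_address(ip) in net for net in trusted_nets)


def find_suspicious(log_text, trusted_nets=TRUSTED_NETS):
    """Successful GETs to admin/user-creation URIs from untrusted sources."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET" or rec["status"] != 200:
            continue
        if SUSPICIOUS_URI.search(rec["uri"]) and not is_trusted(rec["ip"], trusted_nets):
            hits.append(rec)
    return hits


def hits_per_source(log_text, trusted_nets=TRUSTED_NETS):
    """Count flagged requests per source IP to surface repeat offenders."""
    return Counter(rec["ip"] for rec in find_suspicious(log_text, trusted_nets))
```

Passing an empty trusted list shows why the network filter matters: the internal admin-panel request is then flagged too, which is the noise the SIEM query alone would produce.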
