Lucene search

K
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2023-38633
HistoryJul 22, 2023 - 5:15 p.m.

CVE-2023-38633

2023-07-2217:15:09
Alpine Linux Development Team
security.alpinelinux.org
11
directory traversal
librsvg
disclosure
url decoding
remote attackers
local attackers
xi:include
filesystem
etc/passwd

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=“.?../…/…/…/…/…/…/…/…/…/etc/passwd” in an xi:include element.

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.3%