Lucene search

[email protected]CVE-2023-28795

HistoryOct 23, 2023 - 2:15 p.m.

CVE-2023-28795

2023-10-2314:15:09

CWE-346

[email protected]

web.nvd.nist.gov

zscaler

client connector

linux

origin validation error

cve-2023-28795

vulnerability

security

code inclusion

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.

Affected configurations

NVD

Node

zscalerclient_connectorRange<1.3.1.6linux

CPENameOperatorVersion
zscaler:client_connectorzscaler client connectorlt1.3.1.6

CPE	Name	Operator	Version
zscaler:client_connector	zscaler client connector	lt	1.3.1.6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Client Connector",
    "vendor": "Zscaler",
    "versions": [
      {
        "lessThan": "1.3.1.6",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

help.zscaler.com/client-connector/client-connector-app-release-summary-2022?applicable_category=Linux&applicable_version=1.3.1&deployment_date=2022-09-19

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-28795

prion1 nvd1 cvelist1