Lucene search
HistorySep 20, 2023 - 6:15 a.m.
CVE-2023-43621
cve-2023-43621
croc
security issue
local users
shared secret
command-line vulnerability
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments.
Affected configurations
Node
schollzcrocRange≤9.6.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| schollz:croc | schollz croc | le | 9.6.5 |
Related
alpinelinux
alpinelinux
CVE-2023-43621
2023-09-20 06:15:10
veracode
veracode
Insufficiently Protected Credentials
2023-09-29 11:40:35
github
github
Croc may expose secret to local users
2023-09-20 06:30:50
cvelist
cvelist
CVE-2023-43621
2023-09-20 00:00:00
nvd
nvd
CVE-2023-43621
2023-09-20 06:15:10
wolfi
wolfi
CVE-2023-43621 vulnerabilities
2024-06-26 03:08:30
prion
prion
Command injection
2023-09-20 06:15:00
osv
osv
Croc may expose secret to local users
2023-09-20 06:30:50
CVE-2023-43621
2023-09-20 06:15:10
4.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2023-43621