Lucene search

[email protected]CVE-2023-51006

HistoryDec 28, 2023 - 4:15 a.m.

CVE-2023-51006

2023-12-2804:15:08

[email protected]

web.nvd.nist.gov

cve-2023-51006

chinese perpetual calendar

openfile method

file reading

unspecified vectors

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.2%

JSON

An issue in the openFile method of Chinese Perpetual Calendar v9.0.0 allows attackers to read any file via unspecified vectors.

Affected configurations

NVD

Node

zhwnlchinese_perpetual_calendarMatch9.0.0android

CPENameOperatorVersion
zhwnl:chinese_perpetual_calendarzhwnl chinese perpetual calendareq9.0.0

CPE	Name	Operator	Version
zhwnl:chinese_perpetual_calendar	zhwnl chinese perpetual calendar	eq	9.0.0

References

github.com/firmianay/security-issues/tree/main/app/cn.etouch.ecalendar

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.2%

JSON

Related for CVE-2023-51006

nvd1 prion1 cvelist1