Lucene search

[email protected]CVE-2023-52076

HistoryJan 25, 2024 - 4:15 p.m.

CVE-2023-52076

2024-01-2516:15:07

CWE-22

CWE-27

CWE-24

CWE-25

[email protected]

web.nvd.nist.gov

atril

document viewer

mate

linux

path traversal

arbitrary file write

vulnerability

exploit

remote command execution

cve-2023-52076

8.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

7.7 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%

JSON

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn’t stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.

Affected configurations

Vulners

NVD

Node

mate-desktopatrilRange<1.26.2

VendorProductVersionCPE
mate\-desktopatril*cpe:2.3:a:mate\-desktop:atril:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mate\-desktop	atril	*	cpe:2.3:a:mate\-desktop:atril::::::::

CNA Affected

[
  {
    "vendor": "mate-desktop",
    "product": "atril",
    "versions": [
      {
        "version": "< 1.26.2",
        "status": "affected"
      }
    ]
  }
]