Lucene search

K
mageiaGentoo FoundationMGASA-2024-0162
HistoryMay 09, 2024 - 5:40 a.m.

Updated openpmix packages fix security vulnerability

2024-05-0905:40:29
Gentoo Foundation
advisories.mageia.org
22
security vulnerability
race condition
arbitrary files
cve-2023-41915
unix

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

51.1%

This update fixes a race condition allowing attackers to obtain ownership of arbitrary files (CVE-2023-41915).

OSVersionArchitecturePackageVersionFilename
Mageia9noarchopenpmix< 4.2.3-1.1openpmix-4.2.3-1.1.mga9

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

Low

EPSS

0.001

Percentile

51.1%