Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2023-3BFB63F6D2.NASL
HistorySep 18, 2023 - 12:00 a.m.

Fedora 38 : chromium (2023-3bfb63f6d2)

2023-09-1800:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
chromium vulnerabilities
out of bounds memory access
use after free
heap-based buffer over-read
type confusion
heap buffer overflow
inappropriate implementations
insufficient policy enforcement
fedora 38
2023-3bfb63f6d2
libjpeg-turbo

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.771 High

EPSS

Percentile

98.2%

JSON

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-3bfb63f6d2 advisory.

  • Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4427)

  • Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4428)

  • Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4429)

  • Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4430)

  • Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4431)

  • Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4572)

  • libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. (CVE-2021-29390)

  • Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-4761)

  • Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762)

  • Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4763)

  • Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4764)

  • Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863)

  • Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-4900)

  • Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4901)

  • Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4902)

  • Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-4903)

  • Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity:
    Medium) (CVE-2023-4904)

  • Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4905)

  • Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4906)

  • Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4907)

  • Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4908)

  • Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4909)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-3bfb63f6d2
#

include('compat.inc');

if (description)
{
  script_id(181517);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/30");

  script_cve_id(
    "CVE-2021-29390",
    "CVE-2023-4427",
    "CVE-2023-4428",
    "CVE-2023-4429",
    "CVE-2023-4430",
    "CVE-2023-4431",
    "CVE-2023-4572",
    "CVE-2023-4761",
    "CVE-2023-4762",
    "CVE-2023-4763",
    "CVE-2023-4764",
    "CVE-2023-4863",
    "CVE-2023-4900",
    "CVE-2023-4901",
    "CVE-2023-4902",
    "CVE-2023-4903",
    "CVE-2023-4904",
    "CVE-2023-4905",
    "CVE-2023-4906",
    "CVE-2023-4907",
    "CVE-2023-4908",
    "CVE-2023-4909"
  );
  script_xref(name:"FEDORA", value:"2023-3bfb63f6d2");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2024/02/27");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2023/10/04");

  script_name(english:"Fedora 38 : chromium (2023-3bfb63f6d2)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2023-3bfb63f6d2 advisory.

  - Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to
    perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
    (CVE-2023-4427)

  - Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to
    perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
    (CVE-2023-4428)

  - Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4429)

  - Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially
    exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4430)

  - Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to
    perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
    (CVE-2023-4431)

  - Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    (CVE-2023-4572)

  - libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in
    jdcoefct.c. (CVE-2021-29390)

  - Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker
    who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page.
    (Chromium security severity: High) (CVE-2023-4761)

  - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute
    arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762)

  - Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to
    potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    (CVE-2023-4763)

  - Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to
    spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
    (CVE-2023-4764)

  - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a
    remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security
    severity: Critical) (CVE-2023-4863)

  - Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a
    remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-4900)

  - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker
    to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
    (CVE-2023-4901)

  - Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to
    spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4902)

  - Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62
    allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity:
    Medium) (CVE-2023-4903)

  - Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote
    attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity:
    Medium) (CVE-2023-4904)

  - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker
    to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4905)

  - Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote
    attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
    (CVE-2023-4906)

  - Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a
    remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
    (CVE-2023-4907)

  - Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a
    remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
    (CVE-2023-4908)

  - Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote
    attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
    (CVE-2023-4909)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-3bfb63f6d2");
  script_set_attribute(attribute:"solution", value:
"Update the affected chromium package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4863");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/09/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:38");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:chromium");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^38([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'chromium-117.0.5938.62-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chromium');
}
VendorProductVersionCPE
fedoraprojectfedora38cpe:/o:fedoraproject:fedora:38
fedoraprojectfedorachromiump-cpe:/a:fedoraproject:fedora:chromium

References

Related

openvas 17
fedora 4
nessus 28
debian 3
osv 15
freebsd 8
mageia 2
chrome 4
kaspersky 6
malwarebytes 1
photon 2
cve 11
almalinux 1
ubuntucve 11
redhatcve 1
rocky 1
redhat 1
cvelist 13
oraclelinux 1
nvd 10
prion 11
debiancve 12
amazon 1
alpinelinux 1
attackerkb 1
cnvd 8
mscve 11
veracode 12
cisa_kev 1
vulnrichment 1
openvas
openvas
Fedora: Security Advisory for chromium (FEDORA-2023-3bfb63f6d2)
2023-09-19 00:00:00
Fedora: Security Advisory for chromium (FEDORA-2023-b427f54e68)
2023-09-22 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2023:0249-1)
2024-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: chromium-117.0.5938.88-1.fc37
2023-09-21 01:22:25
[SECURITY] Fedora 38 Update: chromium-117.0.5938.62-1.fc38
2023-09-18 01:25:57
[SECURITY] Fedora 39 Update: chromium-116.0.5845.179-1.fc39
2023-09-15 19:08:58
nessus
nessus
Fedora 37 : chromium (2023-b427f54e68)
2023-09-21 00:00:00
Debian DSA-5499-1 : chromium - security update
2023-09-19 00:00:00
Google Chrome < 117.0.5938.62 Multiple Vulnerabilities
2023-09-12 00:00:00
debian
debian
[SECURITY] [DSA 5499-1] chromium security update
2023-09-18 21:38:00
[SECURITY] [DSA 5483-1] chromium security update
2023-08-25 19:16:39
[SECURITY] [DSA 5491-1] chromium security update
2023-09-07 17:50:38
osv
osv
chromium - security update
2023-09-18 00:00:00
chromium - security update
2023-08-25 00:00:00
chromium - security update
2023-09-07 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2023-09-12 00:00:00
chromium -- multiple vulnerabilities
2023-08-22 00:00:00
electron25 -- multiple vulnerabilities
2023-08-30 00:00:00
mageia
mageia
Updated chromium-browser-stable package fixes bugs and vulnerabilities
2023-10-03 13:53:29
Updated chromium-browser-stable packages fix security vulnerability
2023-09-11 16:07:54
chrome
chrome
Stable Channel Update for Desktop
2023-09-12 00:00:00
Stable Channel Update for Desktop
2023-08-22 00:00:00
Stable Channel Update for Desktop
2023-09-05 00:00:00
kaspersky
kaspersky
KLA60746 Multiple vulnerabilities in Microsoft Browser
2023-09-15 00:00:00
KLA52396 Multiple vulnerabilities in Google Chrome
2023-08-22 00:00:00
KLA60560 Multiple vulnerabilities in Google Chrome
2023-09-12 00:00:00
malwarebytes
malwarebytes
Update now! Google Chrome's first weekly update has arrived
2023-08-25 18:15:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0160
2023-12-01 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0459
2023-08-28 00:00:00
cve
cve
CVE-2021-29390
2023-08-22 19:16:20
CVE-2023-4763
2023-09-05 22:15:09
CVE-2023-4762
2023-09-05 22:15:09
almalinux
almalinux
Moderate: libjpeg-turbo security update
2024-04-30 00:00:00
ubuntucve
ubuntucve
CVE-2021-29390
2023-08-22 00:00:00
CVE-2023-4909
2023-09-12 00:00:00
CVE-2023-4763
2023-09-05 00:00:00
redhatcve
redhatcve
CVE-2021-29390
2023-08-30 13:45:20
rocky
rocky
libjpeg-turbo security update
2024-05-10 14:32:38
redhat
redhat
(RHSA-2024:2295) Moderate: libjpeg-turbo security update
2024-04-30 06:15:18
cvelist
cvelist
CVE-2021-29390
2023-08-22 00:00:00
CVE-2023-4906
2023-09-12 20:47:06
CVE-2023-4763
2023-09-05 21:57:42
oraclelinux
oraclelinux
libjpeg-turbo security update
2024-05-02 00:00:00
nvd
nvd
CVE-2021-29390
2023-08-22 19:16:20
CVE-2023-4763
2023-09-05 22:15:09
CVE-2023-4909
2023-09-12 21:15:09
prion
prion
Heap overflow
2023-08-22 19:16:00
Design/Logic Flaw
2023-09-05 22:15:00
Design/Logic Flaw
2023-09-12 21:15:00
debiancve
debiancve
CVE-2021-29390
2023-08-22 19:16:20
CVE-2023-4905
2023-09-12 21:15:08
CVE-2023-4763
2023-09-05 22:15:09
amazon
amazon
Important: libjpeg-turbo
2023-09-13 23:44:00
alpinelinux
alpinelinux
CVE-2023-4762
2023-09-05 22:15:09
attackerkb
attackerkb
CVE-2023-4762
2023-09-05 00:00:00
cnvd
cnvd
Google Chrome Security Bypass Vulnerability (CNVD-2023-75500)
2023-09-17 00:00:00
Google Chrome Security Bypass Vulnerability (CNVD-2023-75499)
2023-09-17 00:00:00
Google Chrome Security Bypass Vulnerability (CNVD-2023-75320)
2023-09-17 00:00:00
mscve
mscve
Chromium: CVE-2023-4763 Use after free in Networks
2023-09-07 16:03:41
Chromium: CVE-2023-4906 Insufficient policy enforcement in Autofill
2023-09-15 07:00:00
Chromium: CVE-2023-4907 Inappropriate implementation in Intents
2023-09-15 07:00:00
veracode
veracode
Use After Free
2023-09-12 02:44:25
Out-Of-Bounds Memory Access
2023-08-30 15:14:31
Improper Input Validation
2023-10-09 17:24:27
cisa_kev
cisa_kev
Google Chromium V8 Type Confusion Vulnerability
2024-02-06 00:00:00
vulnrichment
vulnrichment
CVE-2023-4762
2023-09-05 21:57:42

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.771 High

EPSS

Percentile

98.2%

JSON
Related for FEDORA_2023-3BFB63F6D2.NASL
openvas17fedora4nessus28debian3osv15freebsd8mageia2chrome4kaspersky6malwarebytes1photon2cve11almalinux1ubuntucve11redhatcve1rocky1redhat1cvelist13oraclelinux1nvd10prion11debiancve12amazon1alpinelinux1attackerkb1cnvd8mscve11veracode12cisa_kev1vulnrichment1