Lucene search

K
nvd[email protected]NVD:CVE-2023-41915
HistorySep 09, 2023 - 10:15 p.m.

CVE-2023-41915

2023-09-0922:15:09
CWE-362
web.nvd.nist.gov
1
openpmix
pmix
vulnerability
file ownership
race condition
library code
uid 0 .

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

51.1%

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

Affected configurations

NVD
Node
openpmixopenpmixRange<4.2.6
OR
openpmixopenpmixMatch5.0.0
Node
fedoraprojectfedoraMatch37
OR
fedoraprojectfedoraMatch38
OR
fedoraprojectfedoraMatch39
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch12.0

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8

Confidence

High

EPSS

0.001

Percentile

51.1%