Lucene search

K
nvd[email protected]NVD:CVE-2023-6336
HistoryJan 16, 2024 - 8:15 p.m.

CVE-2023-6336

2024-01-1620:15:45
CWE-59
web.nvd.nist.gov
3
cve-2023-6336
link resolution
file access
user-controlled filename
workforce access
macos

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.0%

Improper Link Resolution Before File Access (‘Link Following’) vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename.This issue affects Workforce Access: before 8.7.

Affected configurations

Nvd
Node
hyprworkforce_accessRange<8.7
AND
applemacosMatch-
VendorProductVersionCPE
hyprworkforce_access*cpe:2.3:a:hypr:workforce_access:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.0%

Related for NVD:CVE-2023-6336