Lucene search

GoogleOSV:CVE-2023-29465

HistoryApr 06, 2023 - 8:15 p.m.

CVE-2023-29465

2023-04-0620:15:08

Google

osv.dev

sagemath flintqs 1.0

tmpdir

world-writable

local user

overwrite files

different user's privileges

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).

CPENameOperatorVersion
flintqseq1:1.0-3
flintqseq1.0
flintqseq1:1.0-4

Name	Operator	Version
flintqs	eq	1:1.0-3
flintqs	eq	1.0
flintqs	eq	1:1.0-4

References

github.com/sagemath/FlintQS/issues/3

github.com/sagemath/sage/pull/35419

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for OSV:CVE-2023-29465