Lucene search

K

PRIOn knowledge basePRION:CVE-2023-38633

HistoryJul 22, 2023 - 5:15 p.m.

Directory traversal

2023-07-2217:15:00

PRIOn knowledge base

www.prio-n.com

5

directory traversal

url decoder

librsvg

vulnerability

remote attackers

local attackers

disclosure

file system

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.3%

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=“.?../…/…/…/…/…/…/…/…/…/etc/passwd” in an xi:include element.

CPENameOperatorVersion
debian_linuxeq11.0
debian_linuxeq12.0
fedoraeq37
fedoraeq38
librsvgge2.48.0
librsvglt2.48.11
librsvgge2.50.0
librsvglt2.50.8
librsvgge2.52.0
librsvglt2.52.10

Rows per page:

1-10 of 181

References

seclists.org/fulldisclosure/2023/Jul/43

www.openwall.com/lists/oss-security/2023/07/27/1

www.openwall.com/lists/oss-security/2023/09/06/10

bugzilla.suse.com/show_bug.cgi?id=1213502

gitlab.gnome.org/GNOME/librsvg/-/issues/996

gitlab.gnome.org/GNOME/librsvg/-/releases/2.56.3

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/422NTIHIEBRASIG2DWXYBH4ADYMHY626/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5BCXT5GW6RCL45ZUHUZR4CJG2BAFDVC/

news.ycombinator.com/item?id=37415799

security.netapp.com/advisory/ntap-20230831-0011/

www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/

www.debian.org/security/2023/dsa-5484

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.4 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

51.3%

Related for PRION:CVE-2023-38633

nessus16 oraclelinux1 osv4 ubuntucve1 alpinelinux1 redos1 mageia1 openvas9 redhat3 veracode1 fedora2 debiancve1 cvelist1 cloudfoundry1 redhatcve1 cve1 debian1 almalinux1 ubuntu1 rosalinux1 ibm1 hp1