Lucene search
Redhat.comRH:CVE-2023-34204HistoryMay 30, 2023 - 1:40 p.m.
CVE-2023-34204
2023-05-3013:40:35
redhat.com
access.redhat.com
12
cve-2023-34204
imapsync
predictable paths
tmp
var/tmp
world-writable
attacker
cache
overwrite
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
25.2%
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync’s cache and overwrite files belonging to the user who runs it.
Related
cve
cve
CVE-2023-34204
2023-05-30 04:15:10
osv
osv
CVE-2023-34204
2023-05-30 04:15:10
alpinelinux
alpinelinux
CVE-2023-34204
2023-05-30 04:15:10
prion
prion
Design/Logic Flaw
2023-05-30 04:15:00
nvd
nvd
CVE-2023-34204
2023-05-30 04:15:10
cvelist
cvelist
CVE-2023-34204
2023-05-30 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
25.2%
Related for RH:CVE-2023-34204