Lucene search

K

Redhat.comRH:CVE-2023-38497

HistoryAug 04, 2023 - 11:23 a.m.

CVE-2023-38497

2023-08-0411:23:22

redhat.com

access.redhat.com

11

rust-cargo

umask

tarballs

permissions

arbitrary code

7.9 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

A flaw was found in the rust-cargo package. Cargo, as bundled with the Rust compiler, did not respect the umask when extracting dependency tarballs and caching the extraction for future builds. If a dependency contained files with 0777 permissions, another local user could edit the cache of the extracted source code, potentially executing arbitrary code with the privileges of the user running Cargo during the next build.

Mitigation

We recommend configuring your system to prevent other local users from accessing the Cargo directory, usually located in ~/.cargo.

References

bugzilla.redhat.com/show_bug.cgi?id=2228038

nvd.nist.gov/vuln/detail/CVE-2023-38497

www.cve.org/CVERecord?id=CVE-2023-38497

www.openwall.com/lists/oss-security/2023/08/03/2

7.9 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

Related for RH:CVE-2023-38497

cve1 osv7 debiancve1 redhat5 nessus18 ubuntu1 hackerone1 amazon1 cbl_mariner1 openvas4 veracode1 fedora2 oraclelinux2 github1 almalinux2 alpinelinux1 prion1 rocky2 cvelist1 nvd1 ubuntucve1