CVE-2023-28371

2023-03-1500:00:00

ubuntu.com

stellarium vulnerability unauthorized-file-write.cvss-7-unix.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

72.5%

JSON

In Stellarium through 1.2, attackers can write to files that are typically
unintended, such as ones with absolute pathnames or … directory traversal.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchstellarium< anyUNKNOWN
ubuntu20.04noarchstellarium< anyUNKNOWN
ubuntu22.04noarchstellarium< anyUNKNOWN
ubuntu23.10noarchstellarium< anyUNKNOWN
ubuntu24.04noarchstellarium< anyUNKNOWN
ubuntu16.04noarchstellarium< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	stellarium	< any	UNKNOWN
ubuntu	20.04	noarch	stellarium	< any	UNKNOWN
ubuntu	22.04	noarch	stellarium	< any	UNKNOWN
ubuntu	23.10	noarch	stellarium	< any	UNKNOWN
ubuntu	24.04	noarch	stellarium	< any	UNKNOWN
ubuntu	16.04	noarch	stellarium	< any	UNKNOWN