Lucene search

Ubuntu.comUB:CVE-2023-29465

HistoryApr 06, 2023 - 12:00 a.m.

CVE-2023-29465

2023-04-0600:00:00

ubuntu.com

sagemath flintqs

security vulnerability

tmpdir

local user

file overwrite

unix

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically
world-writable), which (for example) allows a local user to overwrite files
with the privileges of a different user (who is running FlintQS).

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchflintqs< anyUNKNOWN
ubuntu20.04noarchflintqs< anyUNKNOWN
ubuntu22.04noarchflintqs< anyUNKNOWN
ubuntu23.10noarchflintqs< anyUNKNOWN
ubuntu24.04noarchflintqs< anyUNKNOWN
ubuntu16.04noarchflintqs< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	flintqs	< any	UNKNOWN
ubuntu	20.04	noarch	flintqs	< any	UNKNOWN
ubuntu	22.04	noarch	flintqs	< any	UNKNOWN
ubuntu	23.10	noarch	flintqs	< any	UNKNOWN
ubuntu	24.04	noarch	flintqs	< any	UNKNOWN
ubuntu	16.04	noarch	flintqs	< any	UNKNOWN

References

github.com/sagemath/FlintQS/issues/3

github.com/sagemath/sage/pull/35419

launchpad.net/bugs/cve/CVE-2023-29465

nvd.nist.gov/vuln/detail/CVE-2023-29465

security-tracker.debian.org/tracker/CVE-2023-29465

www.cve.org/CVERecord?id=CVE-2023-29465

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2023-29465