Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-39810
HistoryAug 28, 2023 - 12:00 a.m.

CVE-2023-39810

2023-08-2800:00:00
ubuntu.com
ubuntu.com
3
cve-2023-39810
cpio command
busybox v1.33.2
directory traversal
bugs
debian
rodrigo-zaiden
launchpad
unix

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

22.9%

An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute
a directory traversal.

Bugs

Notes

Author Note
rodrigo-zaiden as of 2024-05-16, there is no update from upstream.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

22.9%