Lucene search
Veracode Vulnerability DatabaseVERACODE:40561HistoryMay 17, 2023 - 2:47 a.m.
External Control Of Configuration
2023-05-1702:47:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
external control of configuration
insecure implementation
attacker exploitation
.in_totorc file
exclude patterns
0.0004 Low
EPSS
Percentile
15.5%
in-toto is vulnerable to External Control of Configuration. The vulnerability exists due to the insecure implementation of the user_settings module, which allows an attacker to write configuration from the local directory and mask their activities by passing a maliciously crafted .in_totorc file, including necessary exclude patterns and settings.
Related
debiancve
debiancve
CVE-2023-32076
2023-05-10 18:15:10
cve
cve
CVE-2023-32076
2023-05-10 18:15:10
prion
prion
Design/Logic Flaw
2023-05-10 18:15:00
osv
osv
CVE-2023-32076
2023-05-10 18:15:10
in-toto vulnerable to Configuration Read From Local Directory
2023-05-11 20:47:56
PYSEC-2023-63
2023-05-10 18:15:00
nvd
nvd
CVE-2023-32076
2023-05-10 18:15:10
github
github
in-toto vulnerable to Configuration Read From Local Directory
2023-05-11 20:47:56
ubuntucve
ubuntucve
CVE-2023-32076
2023-05-10 00:00:00
cvelist
cvelist
CVE-2023-32076 in-toto vulnerable to Configuration Read From Local Directory
2023-05-10 17:58:09