CVSS3: 9.6 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
AI Score: 7.1 High (Confidence: Low)
EPSS: 0.004 Low (Percentile: 72.9%)
engrampa is vulnerable to Path Traversal. The vulnerability occurs because the application does not properly validate or sanitize user input when handling CPIO archives: it does not adequately check the symlink location. An attacker can craft a malicious CPIO or ISO archive that takes advantage of the symlink handling issue during extraction to write arbitrary files to unintended locations, leading to the execution of arbitrary commands on the target system.
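A pre-extraction check for the symlink issue described above, as an added example (not engrampa's code and not the upstream fix): it parses a cpio "newc" archive and flags symlinks whose target leaves the extraction root, plus any entry whose path passes through a symlink declared earlier in the archive. The function names, the conservative "no writes through archive symlinks" policy and the sample archive are assumptions constructed for illustration.

```python
import posixpath, stat

def parse_newc(buf):
    """Yield (name, mode, data) for each entry of a cpio 'newc' archive."""
    off = 0
    while True:
        if buf[off:off + 6] != b"070701":
            raise ValueError("no newc header at offset %d" % off)
        # 13 fields of 8 hex digits follow the magic; header is 110 bytes.
        f = [int(buf[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, size, nlen = f[1], f[6], f[11]
        name = buf[off + 110:off + 110 + nlen - 1].decode()
        start = (off + 110 + nlen + 3) & ~3   # name is padded to 4 bytes
        if name == "TRAILER!!!":
            return
        yield name, mode, buf[start:start + size]
        off = (start + size + 3) & ~3         # data is padded to 4 bytes

def escapes(path):
    """True if a path, taken relative to the extraction root, leaves it."""
    p = posixpath.normpath(path)
    return p.startswith("/") or p == ".." or p.startswith("../")

def unsafe_entries(buf):
    """Names of entries that must not be extracted as-is."""
    links, flagged = set(), []
    for name, mode, data in parse_newc(buf):
        norm = posixpath.normpath(name)
        parts = norm.split("/")
        # Assumed policy: refuse writes through any symlink from the archive.
        via_link = any("/".join(parts[:i]) in links for i in range(1, len(parts)))
        bad = escapes(norm) or via_link
        if stat.S_ISLNK(mode):                # symlink target is the entry data
            links.add(norm)
            target = posixpath.join(posixpath.dirname(norm), data.decode())
            bad = bad or escapes(target)
        if bad:
            flagged.append(name)
    return flagged

def _entry(name, mode, data=b""):
    """Build one newc entry (used only for the constructed sample below)."""
    n = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    return pad(b"070701" + b"".join(b"%08X" % v for v in fields) + n) + pad(data)

# Constructed sample: a symlink pointing outside the root, then a file under it.
SAMPLE = (_entry("docs", 0o120777, b"/tmp/outside") +
          _entry("docs/note.txt", 0o100644, b"hi") +
          _entry("readme.txt", 0o100644, b"ok") + _entry("TRAILER!!!", 0))
```

Running `unsafe_entries` on an archive before handing it to an extractor gives a list of entries to reject; an empty list means no entry escapes the root under this policy.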
CPE

Name | Operator | Version |
---|---|---|
engrampa:sid | eq | 1.24.1-1 |
github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970
github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v
lists.debian.org/debian-lts-announce/2024/02/msg00011.html
lists.fedoraproject.org/archives/list/[email protected]/message/4IOJ3QWXTZGCXFEHP72ELY22PZ4AX2CB/
security-tracker.debian.org/tracker/CVE-2023-52138