CVE-2023-3099

Exploit

EPSS 0.05%
Veröffentlicht 05.06.2023 07:15:11
Zuletzt bearbeitet 21.11.2024 08:16:27
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ubuntukylin ≫ Youker-assistant SwPlatformkylinos Version < 3.0.2-0kylin6k70-23

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.166

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
cna@vuldb.com	4.4	1.8	2.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
cna@vuldb.com	3.2	3.1	4.9	AV:L/AC:L/Au:S/C:N/I:P/A:P

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://github.com/i900008/vulndb/blob/main/kylinos_vul4.md

Third Party Advisory

Exploit

https://vuldb.com/?ctiid.230689

Third Party Advisory

Permissions Required

https://vuldb.com/?id.230689

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-3099

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3099

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3099

EUVD