5.3

CVE-2023-37378

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.89% 0.55
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://sf.net/p/nsis/bugs/1296
Issue Tracking
Permissions Required
https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967
Patch
https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467
Patch
https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0
Patch
https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09
Release Notes
https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/
Release Notes
https://lists.debian.org/debian-lts-announce/2024/09/msg00013.html