CVE-2023-52138

Exploit

EPSS 2.53%
Veröffentlicht 05.02.2024 15:15:08
Zuletzt bearbeitet 13.02.2025 18:15:54
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 3 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mate-desktop ≫ Engrampa Version < 1.26.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.53%	0.852

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.6	2.8	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
security-advisories@github.com	8.2	2.8	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-25 Path Traversal: '/../filedir'

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences that can resolve to a location that is outside of that directory.

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970

Patch

https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v

Vendor Advisory

Exploit

https://lists.debian.org/debian-lts-announce/2024/02/msg00011.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IOJ3QWXTZGCXFEHP72ELY22PZ4AX2CB/

https://nvd.nist.gov/vuln/detail/CVE-2023-52138

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-52138

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-52138

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-52138