CVE-2023-28144

Опубликовано: 14 мар. 2023

Источник: debian

EPSS Низкий

Описание

KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.

Пакеты

Пакет	Статус	Релиз	Тип
hotspot	unfixed		package
hotspot	no-dsa	bookworm	package
hotspot	no-dsa	bullseye	package
hotspot	not-affected	buster	package

Примечания

https://www.openwall.com/lists/oss-security/2023/03/14/8
Introduced by: https://github.com/KDAB/hotspot/commit/3b4682565f0e53f903f3ad0f3f2c0f236d382efb (v1.3.0)
Opt-In to allow privilege escalation (and disable by default):
https://github.com/KDAB/hotspot/commit/65a246ce9196462081483fd07d97678dcfe36b9c

EPSS

Процентиль: 13%

0.00043

Низкий

Связанные уязвимости

CVE-2023-28144

CVSS3: 7

ubuntu

почти 3 года назад

KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.

CVE-2023-28144

CVSS3: 7

nvd

почти 3 года назад

KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.

GHSA-r4wr-r3pf-8cvw

CVSS3: 7

github

почти 3 года назад

KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.

EPSS

Процентиль: 13%

0.00043

Низкий