CVE-2023-28101

Published: 16 Mar 2023
Source: nvd
CVSS3: 5
CVSS3: 4.3
EPSS: Low

Description

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the flatpak(1) command-line interface by setting other permissions to crafted values that contain non-printable control characters such as ESC. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
Versions before 1.10.8 (excluding)
cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
Versions from 1.12.0 (including) up to 1.12.8 (excluding)
cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
Versions from 1.14.0 (including) up to 1.14.4 (excluding)
cpe:2.3:a:flatpak:flatpak:*:*:*:*:*:*:*:*
Versions from 1.15.0 (including) up to 1.15.4 (excluding)

EPSS

Percentile: 44%
0.00213
Low

5 Medium

CVSS3

4.3 Medium

CVSS3

Weaknesses

CWE-116

Related vulnerabilities

CVSS3: 5
ubuntu
more than 2 years ago

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.

CVSS3: 6.2
redhat
more than 2 years ago

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.

CVSS3: 5
debian
more than 2 years ago

Flatpak is a system for building, distributing, and running sandboxed ...

CVSS3: 4.3
fstec
more than 2 years ago

Vulnerability in the App component of the Flatpak tool for managing applications and environments, allowing an attacker to affect data integrity

suse-cvrf
about 2 years ago

Security update for flatpak
