CVE-2023-41915

Опубликовано: 09 сент. 2023

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

Ссылки

http://www.openwall.com/lists/oss-security/2024/07/10/3
http://www.openwall.com/lists/oss-security/2024/07/10/4
http://www.openwall.com/lists/oss-security/2024/07/10/6
http://www.openwall.com/lists/oss-security/2024/07/11/3
https://docs.openpmix.org/en/latest/security.html
Not Applicable
https://github.com/openpmix/openpmix/releases/tag/v4.2.6
Release Notes
https://github.com/openpmix/openpmix/releases/tag/v5.0.1
Release Notes
https://lists.debian.org/debian-lts-announce/2023/10/msg00048.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFKIY6SNC3KQNZMVROWMIW6DI5XPNKQX/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYJ7IRNR6NHJMTNOV3E3W3D5MLDRDCJX/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDLWSMQYXF2ZGOQKCG26H6ZZA5FEH7HX/
Mailing List
Third Party Advisory
https://www.debian.org/security/2023/dsa-5547
Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/07/10/3
http://www.openwall.com/lists/oss-security/2024/07/10/4
http://www.openwall.com/lists/oss-security/2024/07/10/6
http://www.openwall.com/lists/oss-security/2024/07/11/3
https://docs.openpmix.org/en/latest/security.html
Not Applicable
https://github.com/openpmix/openpmix/releases/tag/v4.2.6
Release Notes
https://github.com/openpmix/openpmix/releases/tag/v5.0.1
Release Notes
https://lists.debian.org/debian-lts-announce/2023/10/msg00048.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:openpmix:openpmix:*:*:*:*:*:*:*:*

Версия до 4.2.6 (исключая)

cpe:2.3:a:openpmix:openpmix:5.0.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01033

Низкий

8.1 High

CVSS3

Дефекты

CWE-362

Связанные уязвимости

CVE-2023-41915

CVSS3: 8.1

ubuntu

больше 2 лет назад

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

CVE-2023-41915

CVSS3: 8.1

redhat

больше 2 лет назад

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

CVE-2023-41915

CVSS3: 8.1

msrc

больше 2 лет назад

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

CVE-2023-41915

CVSS3: 8.1

debian

больше 2 лет назад

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to ...

SUSE-SU-2023:3859-1

suse-cvrf

больше 2 лет назад

Security update for pmix

EPSS

Процентиль: 77%

0.01033

Низкий

8.1 High

CVSS3

Дефекты

CWE-362