Описание
insecure local cache file removal
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.56.2-8 |
| esm-infra/bionic | needed | |
| esm-infra/focal | needed | |
| esm-infra/xenial | needed | |
| jammy | released | 3.44.4-0ubuntu1.2 |
| noble | released | 3.52.3-0ubuntu1.2 |
| questing | released | 3.56.2-3ubuntu0.1 |
| upstream | released | 3.59.3 |
Показывать по
10
Связанные уязвимости
CVSS3: 5.6
redhat
около 1 месяца назад
A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files.
