PT-2023-23100 · Kylinsoft · Youker-Assistant

Set3R.Pan

Publicado

2023-06-05

Atualizado

2024-05-17

CVE-2023-3099

CVSS v3.1

7.1

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions KylinSoft youker-assistant versions prior to 3.0.2-0kylin6k70-23

Description A critical issue was found in the delete file function of the dbus.SystemBus library in the Arbitrary File Handler component, leading to improper access controls. This issue can be exploited locally.

Recommendations For versions prior to 3.0.2-0kylin6k70-23, upgrade to version 3.0.2-0kylin6k70-23 to address this issue. As a temporary workaround, consider restricting access to the delete file function in the dbus.SystemBus library until the upgrade is applied.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

CVE-2023-3099

Produtos afetados

Youker-Assistant

PT-2023-23100 · Kylinsoft · Youker-Assistant

CVE-2023-3099

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5