PT-2023-23096 · Kylinsoft · Youker-Assistant
Set3R.Pan
·
Published
2023-06-05
·
Updated
2024-05-17
·
CVE-2023-3098
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
KylinSoft youker-assistant versions prior to 3.0.2-0kylin6k70-23
Description
A critical issue has been found in the
restore all sound file function, allowing for path traversal manipulation, such as '../filedir'. This issue requires local access to exploit. The issue has been publicly disclosed.Recommendations
For versions prior to 3.0.2-0kylin6k70-23, upgrade to version 3.0.2-0kylin6k70-23 to address this issue. As a temporary workaround, consider disabling the
restore all sound file function until the upgrade is applied.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Youker-Assistant