History: Mar 22, 2023 - 5:15 p.m.

CVE-2023-26358

2023-03-22 17:15:15
CWE-426
adobe
web.nvd.nist.gov
Tags: cve-2023-26358, creative cloud, untrusted search path, vulnerability, nvd, security, data privacy

CVSS3: 8.6

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score: 7.5
Confidence: High

EPSS: 0.001
Percentile: 31.8%

Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts.

Affected configurations

Node: adobe creative_cloud, Range: <5.10

Vendor: adobe
Product: creative_cloud
Version: *
CPE: cpe:2.3:a:adobe:creative_cloud:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Adobe",
    "product": "Creative Cloud (desktop component)",
    "versions": [
      {
        "version": "unspecified",
        "lessThanOrEqual": "5.9.1",
        "status": "affected",
        "versionType": "custom"
      },
      {
        "version": "unspecified",
        "lessThanOrEqual": "None",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]
