Lucene search

[email protected]CVE-2023-28617

HistoryMar 19, 2023 - 3:15 a.m.

CVE-2023-28617

2023-03-1903:15:11

CWE-78

[email protected]

web.nvd.nist.gov

cve-2023-28617

nvd

org-babel-execute

latex

ob-latex.el

org mode

gnu emacs

security vulnerability

arbitrary commands

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.2%

JSON

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

Affected configurations

NVD

Node

gnuorg_modeRange≤9.6.1gnu_emacs

CPENameOperatorVersion
gnu:org_modegnu org modele9.6.1

CPE	Name	Operator	Version
gnu:org_mode	gnu org mode	le	9.6.1

References

git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=8f8ec2ccf3f5ef8f38d68ec84a7e4739c45db485

git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=a8006ea580ed74f27f974d60b598143b04ad1741

list.orgmode.org/tencent_04CF842704737012CCBCD63CD654DD41CA0A%40qq.com/T/#m6ef8e7d34b25fe17b4cbb655b161edce18c6655e

lists.debian.org/debian-lts-announce/2023/05/msg00008.html

lists.debian.org/debian-lts-announce/2023/10/msg00019.html

Social References

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for CVE-2023-28617

redhatcve2 oraclelinux2 nessus33 rocky2 veracode1 cbl_mariner1 osv10 openvas12 cvelist2 redhat14 almalinux4 debian2 nvd2 prion2 ubuntu1 ubuntucve2 mageia1 amazon1 debiancve2 cve1 ibm1