Lucene search

PRIOn knowledge basePRION:CVE-2022-32278

HistoryJun 13, 2022 - 10:15 p.m.

Design/Logic Flaw

2022-06-1322:15:00

PRIOn knowledge base

www.prio-n.com

8.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.3%

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.

CPENameOperatorVersion
debian_linuxeq9.0
debian_linuxeq10.0
debian_linuxeq11.0
exoge4.17.0
exolt4.17.2
exolt4.16.4

Name	Operator	Version
debian_linux	eq	9.0
debian_linux	eq	10.0
debian_linux	eq	11.0
exo	ge	4.17.0
exo	lt	4.17.2
exo	lt	4.16.4

References

gitlab.xfce.org/xfce/exo/-/commit/c71c04ff5882b2866a0d8506fb460d4ef796de9f

lists.debian.org/debian-lts-announce/2022/06/msg00018.html

www.debian.org/security/2022/dsa-5164