Lucene search

K

Redhat.comRH:CVE-2023-2491

HistoryMay 03, 2023 - 12:16 p.m.

CVE-2023-2491

2023-05-0312:16:44

redhat.com

access.redhat.com

13

emacs

org-mode

arbitrary command execution

security regression

red hat enterprise linux

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.2%

A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the “org-babel-execute:latex” function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.

References

bugzilla.redhat.com/show_bug.cgi?id=2192873

nvd.nist.gov/vuln/detail/CVE-2023-2491

www.cve.org/CVERecord?id=CVE-2023-2491

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

30.2%

Related for RH:CVE-2023-2491

nessus33 debiancve2 nvd2 cvelist2 osv10 prion2 ubuntucve2 redhat27 almalinux4 cve2 openvas12 redhatcve1 oraclelinux4 rocky2 veracode1 cbl_mariner1 debian2 ubuntu1 mageia1 amazon1 ibm2