Lucene search

K

Redhat.comRH:CVE-2023-29337

HistoryJun 14, 2023 - 5:49 a.m.

CVE-2023-29337

2023-06-1405:49:12

redhat.com

access.redhat.com

13

vulnerability

dotnet

nuget

race condition

symlink attack

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.01 Low

EPSS

Percentile

83.8%

A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack.

References

bugzilla.redhat.com/show_bug.cgi?id=2213703

github.com/dotnet/core/blob/c73158b8ef08db362585f9ed16b97c1d1372c666/release-notes/6.0/6.0.18/6.0.18.md

github.com/dotnet/core/blob/c73158b8ef08db362585f9ed16b97c1d1372c666/release-notes/7.0/7.0.7/7.0.7.md

nvd.nist.gov/vuln/detail/CVE-2023-29337

www.cve.org/CVERecord?id=CVE-2023-29337

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.01 Low

EPSS

Percentile

83.8%

Related for RH:CVE-2023-29337

ubuntucve1 mscve1 osv9 debiancve1 vulnrichment1 cve1 veracode1 cvelist1 nvd1 github1 prion1 alpinelinux1 ibm1 nessus15 oraclelinux4 redhat7 rocky2 almalinux4 ubuntu2 openvas2 kaspersky1 rapid7blog1