Red Hat CVE (redhat.com): RH:CVE-2023-35946
History: Aug 08, 2023 - 10:18 p.m.

CVE-2023-35946

2023-08-08 22:18:47
redhat.com
access.redhat.com
gradle
directory traversal
file overwrite
dependency verification
vulnerability

CVSS3: 6.9

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

EPSS: 0.001
Percentile: 21.7%

A flaw was found in Gradle that permits directory traversal in its evaluation of repository paths. This issue could allow a local attacker to overwrite a file in the dependency cache with malicious code.

Mitigation

Users unable to upgrade should use dependency verification to make this vulnerability more difficult to exploit.
