Lucene search

RedosROS-20240412-03

HistoryApr 12, 2024 - 12:00 a.m.

ROS-20240412-03

2024-04-1200:00:00

redos.red-soft.ru

atril

document viewer

vulnerability

attacker

arbitrary files

file system

unix

8.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

JSON

Atril document viewer vulnerability is related to incorrect path restriction to a restricted
directory. Exploitation of the vulnerability could allow an attacker to write arbitrary files anywhere in the
file system

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64atril<= 1.26.0-13UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	atril	<= 1.26.0-13	UNKNOWN

8.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for ROS-20240412-03