CVSS2: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score: 8.8 High
Confidence: High

EPSS: 0.035 Low
Percentile: 91.5%

software: flatpak 1.14.4
AXIS: ROSA-CHROME
package_evr_string: flatpak-1.14.4-1.src.rpm
CVE-ID: CVE-2023-28100
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: If the Flatpak application runs on a Linux virtual console, such as /dev/tty1, it can copy text from the virtual console and paste it into a command buffer from which the command can be run after exiting the Flatpak application. Common graphical terminal emulators such as xterm, gnome-terminal and Konsole are not affected. This vulnerability is specific to Linux virtual consoles /dev/tty1, /dev/tty2, etc.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update flatpak
CVE-ID: CVE-2023-28101
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: If an attacker publishes a Flatpak application with elevated permissions, they can hide these permissions from users of the flatpak(1) command-line interface by setting other permissions to crafted values containing non-printable control characters such as ESC. The fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a graphical interface such as GNOME Software rather than the command-line interface, or install only applications whose developers you trust.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update flatpak
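
For CVE-2023-28101, the following check is an added example, not part of the original advisory or of Flatpak's own code: it scans the text of an application's metadata keyfile for control characters such as ESC and prints the affected lines with the characters made visible. The function names and the sample metadata are constructed for illustration; the check assumes the usual keyfile layout with groups such as [Context] and keys such as filesystems.

```python
import re

# C0 controls except TAB, plus DEL and the C1 range. ESC is \x1b.
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f]")

# Constructed sample, not taken from a real application: the
# filesystems value carries an ESC sequence after "host".
SAMPLE_METADATA = (
    "[Application]\n"
    "name=org.example.App\n"
    "runtime=org.freedesktop.Platform/x86_64/22.08\n"
    "\n"
    "[Context]\n"
    "shared=network;\n"
    "filesystems=host\x1b[0m;\n"
)


def escape_controls(text):
    """Replace each control character with a visible \\xNN escape."""
    return CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), text)


def find_hidden_controls(metadata_text):
    """Return (line_no, group, key, escaped_line) for every line of a
    keyfile that contains a control character."""
    findings = []
    group = None
    # Split on "\n" only: str.splitlines() also breaks on characters
    # such as \x0b and \x1c, which would drop them before the check.
    for line_no, line in enumerate(metadata_text.split("\n"), 1):
        header = line.rstrip(" \t")
        if header.startswith("[") and header.endswith("]"):
            group = escape_controls(header[1:-1])
        if CONTROL.search(line):
            key = line.partition("=")[0] if "=" in line else None
            findings.append((line_no, group,
                             escape_controls(key) if key else None,
                             escape_controls(line)))
    return findings


if __name__ == "__main__":
    for line_no, group, key, shown in find_hidden_controls(SAMPLE_METADATA):
        print(f"line {line_no} [{group}] {key}: {shown}")
```

Any finding in a permission-bearing group is a reason to read the escaped value in full before installing, whichever front end displayed the permissions.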