ROSA LABROSA-SA-2024-2471Advisory ROSA-SA-2024-2471
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
software: perl 5.30.3
OS: ROSA-CHROME
package_evr_string: perl-5.30.3-22
CVE-ID: CVE-2021-36770
BDU-ID: 2021-05374
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Encode.pm module of the Perl programming language interpreter is related to incorrect search path handling. Exploitation of the vulnerability allows an attacker acting remotely to inject arbitrary code and escalate their privileges
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update perl
CVE-ID: CVE-2023-31486
BDU-ID: 2023-03872
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Perl HTTP::Tiny programming language library is related to errors in the TLS certificate authentication procedure. Exploitation of the vulnerability allows an attacker acting remotely to gain access to sensitive data, compromise its integrity, and cause denial of service
CVE-STATUS: Fixed
CVE-REV: To close, execute command: sudo dnf update perl
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low