7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
10 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
81.6%
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the TIOCLINUX ioctl command instead of TIOCSTI. If a Flatpak app is run on a Linux virtual console such as /dev/tty1, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Because that buffer belongs to the user's unsandboxed shell on the host, a malicious app can use it to run commands outside the sandbox, which is what makes this a sandbox escape rather than a nuisance. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles /dev/tty1, /dev/tty2 and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.
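The two defences described above (the patched sandbox refusing the ioctl, and the workaround of not running on a virtual console) can both be shown in a few lines of C. The block below is an added example written for this page, not Flatpak's own code: Flatpak's sandbox filters syscalls with libseccomp, whereas this example hand-rolls a raw seccomp-bpf program (x86_64 only) that makes ioctl(TIOCSTI) and ioctl(TIOCLINUX) fail with EPERM, and it adds a small check that recognises the /dev/ttyN paths the advisory names so a program can decline to start there. The function names, the KILL-on-foreign-ABI choice and the treatment of /dev/tty0 as a virtual console are this example's own assumptions.

```c
/* Added example for CVE-2023-28100: deny the TIOCSTI and TIOCLINUX tty
 * ioctls with a raw seccomp-bpf filter, and detect Linux virtual consoles.
 * This is not Flatpak's implementation (which uses libseccomp). */
#define _GNU_SOURCE
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <linux/tiocl.h>

#ifndef SECCOMP_RET_KILL_PROCESS          /* pre-4.14 headers */
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Requests a sandboxed app must never be able to issue against its
 * controlling terminal: TIOCSTI (CVE-2017-5226) and TIOCLINUX (this CVE). */
static const unsigned long blocked_tty_ioctls[] = { TIOCSTI, TIOCLINUX };

/* Returns 1 if the filter below would deny this ioctl request, else 0.
 * Only the low 32 bits are compared, exactly as the BPF program does. */
int ioctl_is_blocked(unsigned long request)
{
    unsigned int low = (unsigned int)request;
    for (size_t i = 0; i < sizeof blocked_tty_ioctls / sizeof blocked_tty_ioctls[0]; i++)
        if (low == (unsigned int)blocked_tty_ioctls[i])
            return 1;
    return 0;
}

/* Returns 1 if path names a Linux virtual console (/dev/tty followed only by
 * digits: /dev/tty1, /dev/tty2, ...; assumption: /dev/tty0 counts too).
 * /dev/tty, /dev/ttyS0 and /dev/pts/N are not virtual consoles. */
int is_linux_virtual_console(const char *path)
{
    static const char prefix[] = "/dev/tty";
    size_t n = sizeof prefix - 1;
    if (strncmp(path, prefix, n) != 0 || path[n] == '\0')
        return 0;
    for (const char *p = path + n; *p; p++)
        if (!isdigit((unsigned char)*p))
            return 0;
    return 1;
}

/* Installs a seccomp-bpf filter: ioctl with request TIOCSTI or TIOCLINUX
 * returns EPERM, everything else is allowed. Returns 0 on success, -1 with
 * errno set on failure. Processes running under a non-x86_64 ABI are killed
 * rather than having their arguments mis-decoded. */
int install_tty_ioctl_filter(void)
{
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 4),      /* not ioctl: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, args[1])),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCSTI, 1, 0),         /* match: deny */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, TIOCLINUX, 0, 1),       /* no match: allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof filter / sizeof filter[0], .filter = filter };

    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)   /* required for unprivileged seccomp */
        return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -1;
    return 0;
}

int main(void)
{
    /* The advisory's workaround, enforced by the program itself. */
    const char *tty = ttyname(STDIN_FILENO);
    if (tty && is_linux_virtual_console(tty)) {
        fprintf(stderr, "%s is a Linux virtual console; refusing to run here\n", tty);
        return 1;
    }
    if (install_tty_ioctl_filter() != 0) {
        perror("seccomp");
        return 1;
    }
    /* A harmless read-only TIOCLINUX subcommand: with the filter in place it
     * never reaches the console driver and fails with EPERM instead. */
    char subcode = TIOCL_GETSHIFTSTATE;
    int rc = ioctl(STDIN_FILENO, TIOCLINUX, &subcode);
    printf("ioctl(TIOCLINUX) -> %d (%s)\n", rc, rc < 0 ? strerror(errno) : "allowed");
    return 0;
}
```

Two details worth noting. The filter compares only the low 32 bits of the request argument, because the ioctl number is 32-bit on every Linux ABI even though it travels in a `long`; comparing the full register would let a caller with a sign-extended or garbage-padded upper half slip past the check. And the arch test comes first so that a 32-bit compat caller cannot reach the same filter with a different argument layout.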
github.com/flatpak/flatpak/commit/8e63de9a7d3124f91140fc74f8ca9ed73ed53be9
github.com/flatpak/flatpak/security/advisories/GHSA-7qpw-3vjv-xrqp
launchpad.net/bugs/cve/CVE-2023-28100
marc.info/?l=oss-security&m=167879021709955&w=2
nvd.nist.gov/vuln/detail/CVE-2023-28100
security-tracker.debian.org/tracker/CVE-2023-28100
www.cve.org/CVERecord?id=CVE-2023-28100