Lucene search
Veracode Vulnerability DatabaseVERACODE:40323HistoryApr 28, 2023 - 2:53 a.m.
Improper Encoding
2023-04-2802:53:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
flatpak
vulnerability
improper encoding
software
elevated permissions
0.001 Low
EPSS
Percentile
35.8%
Flatpak is vulnerable to Improper Encoding. A malicious attacker to craft a flatpack app with elevated permisions and hide them from its users which is resulted due to improper encoding.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flatpak:sid | eq | 1.8.3-2 | |
| flatpak:sid | eq | 1.11.3-2 | |
| flatpak:bullseye | eq | 1.8.2-3 | |
| flatpak:sid | eq | 1.8.3-2 | |
| flatpak:sid | eq | 1.11.3-2 | |
| flatpak:bullseye | eq | 1.8.2-3 |
References
github.com/flatpak/flatpak/commit/409e34187de2b2b2c4ef34c79f417be698830f6c
github.com/flatpak/flatpak/commit/6cac99dafe6003c8a4bd5666341c217876536869
github.com/flatpak/flatpak/commit/7fe63f2e8f1fd2dafc31d45154cf0b191ebec66c
github.com/flatpak/flatpak/security/advisories/GHSA-h43h-fwqx-mpp8
security-tracker.debian.org/tracker/CVE-2023-28101
security.gentoo.org/glsa/202312-12
Related
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2023-28101
2023-03-16 00:00:00
osv
osv
CVE-2023-28101
2023-03-16 16:15:12
Moderate: flatpak security, bug fix, and enhancement update
2024-05-10 14:32:38
Moderate: flatpak security, bug fix, and enhancement update
2023-11-14 00:00:00
nvd
nvd
CVE-2023-28101
2023-03-16 16:15:12
debiancve
debiancve
CVE-2023-28101
2023-03-16 16:15:12
redhatcve
redhatcve
CVE-2023-28101
2023-03-17 05:13:05
prion
prion
Command injection
2023-03-16 16:15:00
cve
cve
CVE-2023-28101
2023-03-16 16:15:12
altlinux
altlinux
Security fix for the ALT Linux 10 package flatpak version 1.14.4-alt1
2023-03-27 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: flatpak-1.12.8-1.fc36
2023-04-02 01:34:23
[SECURITY] Fedora 37 Update: flatpak-1.14.4-1.fc37
2023-03-24 02:00:28
[SECURITY] Fedora 38 Update: flatpak-1.15.4-1.fc38
2023-03-20 00:20:25
openvas
openvas
Fedora: Security Advisory for flatpak (FEDORA-2023-b0717d8c45)
2023-03-25 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1712-1)
2023-04-03 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:1714-1)
2023-04-03 00:00:00
almalinux
almalinux
Moderate: flatpak security, bug fix, and enhancement update
2023-11-07 00:00:00
Moderate: flatpak security, bug fix, and enhancement update
2023-11-14 00:00:00
nessus
nessus
RHEL 9 : flatpak (RHSA-2023:6518)
2023-11-07 00:00:00
RHEL 8 : flatpak (RHSA-2023:7038)
2023-11-14 00:00:00
CentOS 8 : flatpak (CESA-2023:7038)
2023-11-14 00:00:00
rocky
rocky
flatpak security, bug fix, and enhancement update
2024-05-10 14:32:38
redos
redos
ROS-20240627-04
2024-06-27 00:00:00
redhat
redhat
oraclelinux
oraclelinux
flatpak security, bug fix, and enhancement update
2023-11-11 00:00:00
flatpak security, bug fix, and enhancement update
2023-11-17 00:00:00
mageia
mageia
Updated flatpak packages fix security vulnerability
2023-03-24 08:55:49
rosalinux
rosalinux
Advisory ROSA-SA-2024-2337
2024-02-06 07:45:40
gentoo
gentoo
Flatpak: Multiple Vulnerabilities
2023-12-23 00:00:00