CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile: 47.3%
NSIS (Nullsoft Scriptable Install System) is affected by an access control vulnerability. It does not restrict, or incorrectly restricts, access to an uninstaller directory by an unauthorized actor, which can lead to privilege escalation.
sf.net/p/nsis/bugs/1296
github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967
github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467
github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0
lists.debian.org/debian-lts-announce/2023/07/msg00005.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/
nsis.sourceforge.io/Docs/AppendixF.html#v3.09
sourceforge.net/p/nsis/news/2023/07/nsis-309-released/