Lucene search

Veracode Vulnerability DatabaseVERACODE:45301

HistoryFeb 03, 2024 - 3:01 a.m.

Path Traversal

2024-02-0303:01:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

atril

path traversal

vulnerability

improper file path validation

arbitrary files

filesystem

8.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

6.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.9%

JSON

Atril is vulnerable to Path Traversal. The vulnerability is due to improper file path validation. The attacker can write arbitrary files anywhere on the filesystem to which the user opening a crafted document has access.

CPENameOperatorVersion
atril:sideq1.24.0-1
atril:sideq1.24.0-1
atril:bookwormeq1.24.0-1+b1
atril:bustereq1.20.3-1+deb10u1

Name	Operator	Version
atril:sid	eq	1.24.0-1
atril:sid	eq	1.24.0-1
atril:bookworm	eq	1.24.0-1+b1
atril:buster	eq	1.20.3-1+deb10u1

References

github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50

github.com/mate-desktop/atril/releases/tag/v1.26.2

github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37

lists.debian.org/debian-lts-announce/2024/06/msg00003.html

security-tracker.debian.org/tracker/CVE-2023-52076

8.5 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

6.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for VERACODE:45301