nvd-json-data-feeds/CVE-2023/CVE-2023-41xx/CVE-2023-4104.json

{
  "id": "CVE-2023-4104",
  "sourceIdentifier": "security@mozilla.org",
  "published": "2023-09-11T09:15:08.997",
  "lastModified": "2023-09-13T16:34:57.820",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.\n*This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mozilla:vpn:*:*:*:*:*:linux:*:*",
              "versionEndExcluding": "2.16.1",
              "matchCriteriaId": "60737FA0-0B0A-4423-891A-6E747F952254"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1831318",
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ]
    },
    {
      "url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055",
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ]
    },
    {
      "url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7110",
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ]
    },
    {
      "url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7151",
      "source": "security@mozilla.org",
      "tags": [
        "Issue Tracking"
      ]
    },
    {
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-39/",
      "source": "security@mozilla.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "https://www.openwall.com/lists/oss-security/2023/08/03/1",
      "source": "security@mozilla.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ]
    }
  ]
}
Auto-Update: 2023-09-11T10:00:25.001618+00:00 2023-09-11 10:00:28 +00:00			`{`
			`"id": "CVE-2023-4104",`
			`"sourceIdentifier": "security@mozilla.org",`
			`"published": "2023-09-11T09:15:08.997",`
Auto-Update: 2023-09-13T18:00:26.228859+00:00 2023-09-13 18:00:29 +00:00			`"lastModified": "2023-09-13T16:34:57.820",`
			`"vulnStatus": "Analyzed",`
Auto-Update: 2023-09-11T10:00:25.001618+00:00 2023-09-11 10:00:28 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
			`"value": "An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.\nThis bug only affects Mozilla VPN on Linux. Other operating systems are unaffected. This vulnerability affects Mozilla VPN client for Linux < v2.16.1."`
			`}`
			`],`
Auto-Update: 2023-09-13T18:00:26.228859+00:00 2023-09-13 18:00:29 +00:00			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"cvssData": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",`
			`"attackVector": "LOCAL",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "LOW",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "NONE",`
			`"integrityImpact": "HIGH",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 5.5,`
			`"baseSeverity": "MEDIUM"`
			`},`
			`"exploitabilityScore": 1.8,`
			`"impactScore": 3.6`
			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "nvd@nist.gov",`
			`"type": "Primary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-862"`
			`}`
			`]`
			`}`
			`],`
			`"configurations": [`
			`{`
			`"nodes": [`
			`{`
			`"operator": "OR",`
			`"negate": false,`
			`"cpeMatch": [`
			`{`
			`"vulnerable": true,`
			`"criteria": "cpe:2.3:a:mozilla:vpn::::::linux::*",`
			`"versionEndExcluding": "2.16.1",`
			`"matchCriteriaId": "60737FA0-0B0A-4423-891A-6E747F952254"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`],`
Auto-Update: 2023-09-11T10:00:25.001618+00:00 2023-09-11 10:00:28 +00:00			`"references": [`
			`{`
			`"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1831318",`
Auto-Update: 2023-09-13T18:00:26.228859+00:00 2023-09-13 18:00:29 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Exploit",`
			`"Issue Tracking"`
			`]`
Auto-Update: 2023-09-11T10:00:25.001618+00:00 2023-09-11 10:00:28 +00:00			`},`
			`{`
			`"url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055",`
Auto-Update: 2023-09-13T18:00:26.228859+00:00 2023-09-13 18:00:29 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Issue Tracking",`
			`"Patch"`
			`]`
Auto-Update: 2023-09-11T10:00:25.001618+00:00 2023-09-11 10:00:28 +00:00			`},`
			`{`
			`"url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7110",`
Auto-Update: 2023-09-13T18:00:26.228859+00:00 2023-09-13 18:00:29 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Issue Tracking",`
			`"Patch"`
			`]`
Auto-Update: 2023-09-11T10:00:25.001618+00:00 2023-09-11 10:00:28 +00:00			`},`
			`{`
			`"url": "https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7151",`
Auto-Update: 2023-09-13T18:00:26.228859+00:00 2023-09-13 18:00:29 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Issue Tracking"`
			`]`
Auto-Update: 2023-09-11T10:00:25.001618+00:00 2023-09-11 10:00:28 +00:00			`},`
			`{`
			`"url": "https://www.mozilla.org/security/advisories/mfsa2023-39/",`
Auto-Update: 2023-09-13T18:00:26.228859+00:00 2023-09-13 18:00:29 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Vendor Advisory"`
			`]`
Auto-Update: 2023-09-11T10:00:25.001618+00:00 2023-09-11 10:00:28 +00:00			`},`
			`{`
			`"url": "https://www.openwall.com/lists/oss-security/2023/08/03/1",`
Auto-Update: 2023-09-13T18:00:26.228859+00:00 2023-09-13 18:00:29 +00:00			`"source": "security@mozilla.org",`
			`"tags": [`
			`"Exploit",`
			`"Mailing List",`
			`"Third Party Advisory"`
			`]`
Auto-Update: 2023-09-11T10:00:25.001618+00:00 2023-09-11 10:00:28 +00:00			`}`
			`]`
			`}`