2023-09-09 23:55:21 +00:00
{
"id" : "CVE-2023-41915" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2023-09-09T22:15:09.530" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T08:21:54.753" ,
2024-07-10 20:03:12 +00:00
"vulnStatus" : "Modified" ,
"cveTags" : [ ] ,
2023-09-09 23:55:21 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0."
2023-10-03 18:00:29 +00:00
} ,
{
"lang" : "es" ,
"value" : "OpenPMIx PMIx antes de las versiones 4.2.6 y 5.0.x antes de 5.0.1, permite a los atacantes obtener la propiedad de archivos arbitrarios a trav\u00e9s de una condici\u00f3n de ejecuci\u00f3n durante la ejecuci\u00f3n de c\u00f3digo de librer\u00eda con UID 0."
2023-09-09 23:55:21 +00:00
}
] ,
2023-09-13 16:00:28 +00:00
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 8.1 ,
"baseSeverity" : "HIGH" ,
2023-09-13 16:00:28 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2023-09-13 16:00:28 +00:00
} ,
"exploitabilityScore" : 2.2 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-362"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:openpmix:openpmix:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "4.2.6" ,
"matchCriteriaId" : "51DFCE2C-36A6-49EA-87C2-3B7E4033DA13"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:openpmix:openpmix:5.0.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "69D73F5F-2B17-4185-AA62-5056C88D15CE"
}
]
}
]
2023-10-29 09:06:41 +00:00
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
2024-01-09 05:00:28 +00:00
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
2023-09-13 16:00:28 +00:00
}
] ,
2023-09-09 23:55:21 +00:00
"references" : [
2024-07-10 20:03:12 +00:00
{
"url" : "http://www.openwall.com/lists/oss-security/2024/07/10/3" ,
"source" : "cve@mitre.org"
} ,
2024-07-10 23:58:13 +00:00
{
"url" : "http://www.openwall.com/lists/oss-security/2024/07/10/4" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2024/07/10/6" ,
"source" : "cve@mitre.org"
} ,
2024-07-11 16:03:16 +00:00
{
"url" : "http://www.openwall.com/lists/oss-security/2024/07/11/3" ,
"source" : "cve@mitre.org"
} ,
2023-09-09 23:55:21 +00:00
{
"url" : "https://docs.openpmix.org/en/latest/security.html" ,
2023-09-13 16:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Not Applicable"
]
2023-09-09 23:55:21 +00:00
} ,
{
"url" : "https://github.com/openpmix/openpmix/releases/tag/v4.2.6" ,
2023-09-13 16:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-09-09 23:55:21 +00:00
} ,
{
"url" : "https://github.com/openpmix/openpmix/releases/tag/v5.0.1" ,
2023-09-13 16:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Release Notes"
]
2023-10-03 18:00:29 +00:00
} ,
2023-11-01 00:55:23 +00:00
{
"url" : "https://lists.debian.org/debian-lts-announce/2023/10/msg00048.html" ,
2024-01-09 05:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
2023-11-01 00:55:23 +00:00
} ,
2023-10-03 18:00:29 +00:00
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFKIY6SNC3KQNZMVROWMIW6DI5XPNKQX/" ,
2024-01-09 05:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
2023-10-04 06:00:28 +00:00
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYJ7IRNR6NHJMTNOV3E3W3D5MLDRDCJX/" ,
2024-01-09 05:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
2023-10-04 06:00:28 +00:00
} ,
{
2023-11-07 21:03:21 +00:00
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDLWSMQYXF2ZGOQKCG26H6ZZA5FEH7HX/" ,
2024-01-09 05:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
2023-11-04 15:00:24 +00:00
} ,
{
"url" : "https://www.debian.org/security/2023/dsa-5547" ,
2024-01-09 05:00:28 +00:00
"source" : "cve@mitre.org" ,
"tags" : [
"Third Party Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2024/07/10/3" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2024/07/10/4" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2024/07/10/6" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "http://www.openwall.com/lists/oss-security/2024/07/11/3" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108"
} ,
{
"url" : "https://docs.openpmix.org/en/latest/security.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Not Applicable"
]
} ,
{
"url" : "https://github.com/openpmix/openpmix/releases/tag/v4.2.6" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Release Notes"
]
} ,
{
"url" : "https://github.com/openpmix/openpmix/releases/tag/v5.0.1" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Release Notes"
]
} ,
{
"url" : "https://lists.debian.org/debian-lts-announce/2023/10/msg00048.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFKIY6SNC3KQNZMVROWMIW6DI5XPNKQX/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SYJ7IRNR6NHJMTNOV3E3W3D5MLDRDCJX/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDLWSMQYXF2ZGOQKCG26H6ZZA5FEH7HX/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Mailing List" ,
"Third Party Advisory"
]
} ,
{
"url" : "https://www.debian.org/security/2023/dsa-5547" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
2023-09-09 23:55:21 +00:00
}
]
}
