CVE-2023-3096

Published: Jun 5, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: Kylinos: Kylin Software Properties

1 product

Kylin Software Properties

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kylinos Kylin Software Properties	Before 0.0.1-130

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

https://github.com/i900008/vulndb/blob/main/kylinos_vul1.md

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.230686

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.230686

Source: cna@vuldb.com

Third Party Advisory

https://github.com/i900008/vulndb/blob/main/kylinos_vul1.md

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://vuldb.com/?ctiid.230686

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.230686

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.