CVE-2023-3096 MEDIUM

CVE-2023-3096: KylinSoft kylin-software-properties changedSource access control

Vendor Kylinsoft

Product kylin-software-properties

Weakness CWE-284

Published June 5, 2023

Last update November 22, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

June 5, 2023 CVE published

November 22, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-3096 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

CVE-2023-3096: KylinSoft kylin-software-properties changedSource access control

01Description

02Disclosure timeline

03References

04Related CVE