CVE-2023-43799 MEDIUM

CVE-2023-43799: The Altair Desktop Client Does Not Sanitize External URLs before passing them to the underlying system

Vendor Altair-Graphql

Product altair

Weakness CWE-20 · Input validation

Published October 4, 2023

Last update September 20, 2024

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue.

Key dates

02Disclosure timeline

October 4, 2023 CVE published

September 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-43799 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

CVE-2023-43799: The Altair Desktop Client Does Not Sanitize External URLs before passing them to the underlying system

01Description

02Disclosure timeline

03References

04Related CVE