Search criteria
1 vulnerability by stellarium
CVE-2023-28371 (GCVE-0-2023-28371)
Vulnerability from cvelistv5 – Published: 2023-03-15 00:00 – Updated: 2025-02-27 20:25
VLAI
Summary
In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:24.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78"
},
{
"name": "FEDORA-2023-57f5e7c000",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KG6UNRAOYZJSMIUELY3MMJ5J6LIUZXLT/"
},
{
"name": "FEDORA-2023-b7e90bc682",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REDZB5J7WDN2P3NYWFO2NNJXSTOFUUKM/"
},
{
"name": "FEDORA-2023-2cf272ad72",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQ4ZGY5MDDHBEOQTD4IIA2RFID3ATPXA/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T20:25:34.272043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:25:46.065Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-29T01:06:17.064Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/Stellarium/stellarium/commit/1261f74dc4aa6bbd01ab514343424097f8cf46b7"
},
{
"url": "https://github.com/Stellarium/stellarium/commit/eba61df3b38605befcb43687a4c0a159dbc0c5cb"
},
{
"url": "https://github.com/Stellarium/stellarium/commit/787a894897b7872ae96e6f5804a182210edd5c78"
},
{
"name": "FEDORA-2023-57f5e7c000",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KG6UNRAOYZJSMIUELY3MMJ5J6LIUZXLT/"
},
{
"name": "FEDORA-2023-b7e90bc682",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/REDZB5J7WDN2P3NYWFO2NNJXSTOFUUKM/"
},
{
"name": "FEDORA-2023-2cf272ad72",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQ4ZGY5MDDHBEOQTD4IIA2RFID3ATPXA/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28371",
"datePublished": "2023-03-15T00:00:00.000Z",
"dateReserved": "2023-03-15T00:00:00.000Z",
"dateUpdated": "2025-02-27T20:25:46.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}