How severe is CVE-2023-3099?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2023-3099?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2023-3099 - HIGH Severity | CVSS 7.1

Vulnerability Description

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Related Vulnerabilities

CVE-2014-2277

HIGH

CVSS:7.1(High)

The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpna...

CWE-2842014

CVE-2016-2150

HIGH

CVSS:7.1(High)

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

CWE-2842016

CVE-2016-3708

HIGH

CVSS:7.1(High)

Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and a build is run in a namespace that would normally be isolated from pods in other namespaces, allows remote authenticated users to...

CWE-2842016

CVE-2016-3713

HIGH

CVSS:7.1(High)

The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequent...

CWE-2842016

CVE-2016-5173

HIGH

CVSS:7.1(High)

The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to Object.prototype, which allows remote attackers to load unintended resources, and consequently trigg...

CWE-2842016

CVE-2016-5492

HIGH

CVSS:7.1(High)

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors relate...

CWE-2842016