How severe is CVE-2023-3972?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2023-3972?

This is classified as CWE-379, which is a common weakness in software security.

CVE-2023-3972 - HIGH Severity | CVSS 7.8

Vulnerability Description

A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).

Related Vulnerabilities

CVE-2016-9486

HIGH

CVSS:7.8(High)

On Windows endpoints, the SecureConnector agent must run under the local SYSTEM account or another administrator account in order to enable full functionality of the agent. The typical configuration i...

CWE-3792016

CVE-2021-21100

HIGH

CVSS:7.8(High)

Adobe Digital Editions version 4.5.11.187245 (and earlier) is affected by a Privilege Escalation vulnerability during installation. An unauthenticated attacker could leverage this vulnerability to ach...

CWE-3792021

CVE-2021-31411

HIGH

CVSS:7.8(High)

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19...

CWE-3792021

CVE-2023-21611

HIGH

CVSS:7.8(High)

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions...

CWE-3792023

CVE-2023-21612

HIGH

CVSS:7.8(High)

CWE-3792023

CVE-2023-26396

HIGH

CVSS:7.8(High)

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could re...

CWE-3792023