How severe is CVE-2023-52138?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.6 out of 10.

What type of vulnerability is CVE-2023-52138?

This is classified as CWE-25, which is a common weakness in software security.

CVE-2023-52138

CRITICAL Year: 2023

CVSS v3 Score

9.6

Critical

Weakness Type

CWE-25

View all →

Vulnerability Description

Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.

CVE-2022-20775

HIGH

CVSS:7.8(High)

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on comm...

CWE-252022

CVE-2022-20818

HIGH

CVSS:7.8(High)

CWE-252022

CVE-2023-6947

HIGH

CVSS:7.7(High)

The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attacker...

CWE-252023