CVE-2023-43782
 
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence.
Cadence hasta 0.9.2 2023-08-21 utiliza un archivo temporal /tmp/.cadence-aloop-daemon.x inseguro. El archivo se utiliza incluso si ha sido creado por un adversario local antes de que comenzara Cadence. Luego, el adversario puede eliminar el archivo, interrumpiendo Cadence.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-09-22 CVE Reserved
- 2023-09-22 CVE Published
- 2023-10-06 EPSS Updated
- 2024-09-24 CVE Updated
- 2024-09-24 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-668: Exposure of Resource to Wrong Sphere
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1213983 | Issue Tracking | |
https://github.com/falkTX/Cadence | Product |
URL | Date | SRC |
---|---|---|
http://www.openwall.com/lists/oss-security/2023/10/05/4 | 2024-09-24 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|