CVE-2023-5557
Tracker-miners: sandbox escape
Severity Score
7.7
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.
Se encontró una falla en el paquete tracker-miners. Una debilidad en la sandbox permite que un archivo creado con fines malintencionados ejecute código fuera de la sandbox si el proceso de extracción del rastreador se ha visto comprometido primero por una vulnerabilidad separada.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-12 CVE Reserved
- 2023-10-13 CVE Published
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- 2024-11-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-693: Protection Mechanism Failure
CAPEC
References (10)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2243096 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2023:7712 | 2023-12-12 | |
| https://access.redhat.com/errata/RHSA-2023:7713 | 2023-12-12 | |
| https://access.redhat.com/errata/RHSA-2023:7730 | 2023-12-12 | |
| https://access.redhat.com/errata/RHSA-2023:7731 | 2023-12-12 | |
| https://access.redhat.com/errata/RHSA-2023:7732 | 2023-12-12 | |
| https://access.redhat.com/errata/RHSA-2023:7733 | 2023-12-12 | |
| https://access.redhat.com/errata/RHSA-2023:7739 | 2023-12-12 | |
| https://access.redhat.com/errata/RHSA-2023:7744 | 2023-12-12 | |
| https://access.redhat.com/security/cve/CVE-2023-5557 | 2023-12-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Tracker Miners Search vendor "Gnome" for product "Tracker Miners" | < 3.3.2 Search vendor "Gnome" for product "Tracker Miners" and version " < 3.3.2" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Tracker Miners Search vendor "Gnome" for product "Tracker Miners" | >= 3.4.0 < 3.4.5 Search vendor "Gnome" for product "Tracker Miners" and version " >= 3.4.0 < 3.4.5" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Tracker Miners Search vendor "Gnome" for product "Tracker Miners" | >= 3.5.0 < 3.5.3 Search vendor "Gnome" for product "Tracker Miners" and version " >= 3.5.0 < 3.5.3" | - |
Affected
| ||||||
| Gnome Search vendor "Gnome" | Tracker Miners Search vendor "Gnome" for product "Tracker Miners" | >= 3.6.0 < 3.6.1 Search vendor "Gnome" for product "Tracker Miners" and version " >= 3.6.0 < 3.6.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||