DEBIAN-CVE-2023-28101
- Source
- https://security-tracker.debian.org/tracker/DEBIAN-CVE-2023-28101
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-28101.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-28101
- Upstream
- Published
- 2023-03-16T16:15:12Z
- Modified
- 2025-09-19T07:33:16.337300Z
- Summary
- [none]
- Details
-
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the
flatpak(1)command-line interface by setting other permissions to crafted values that contain non-printable control characters such asESC. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust. - References
Affected packages
Debian:11 / flatpak
Package
- Name
- flatpak
- Purl
- pkg:deb/debian/flatpak?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.8-0+deb11u1
Debian:12 / flatpak
Package
- Name
- flatpak
- Purl
- pkg:deb/debian/flatpak?arch=source
Debian:13 / flatpak
Package
- Name
- flatpak
- Purl
- pkg:deb/debian/flatpak?arch=source
Debian:14 / flatpak
Package
- Name
- flatpak
- Purl
- pkg:deb/debian/flatpak?arch=source