UBUNTU-CVE-2023-38319

Source
https://ubuntu.com/security/CVE-2023-38319
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-38319.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-38319
Related
Published
2024-01-26T05:15:00Z
Modified
2024-10-15T14:11:39Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in OpenNDS before 10.1.3. It fails to sanitize the FAS key entry in the configuration file, allowing attackers that have direct or indirect access to this file to execute arbitrary OS commands.

References

Affected packages

Ubuntu:24.10 / opennds

Package

Name
opennds
Purl
pkg:deb/ubuntu/opennds?arch=src?distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

10.*

10.2.0+dfsg-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / opennds

Package

Name
opennds
Purl
pkg:deb/ubuntu/opennds?arch=src?distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.10.0-1

10.*

10.2.0+dfsg-1
10.2.0+dfsg-1build1
10.2.0+dfsg-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}