Vulnerability-Lookup

CVE-2023-1350 (GCVE-0-2023-1350)

Vulnerability from cvelistv5 – Published: 2023-03-11 08:20 – Updated: 2024-08-02 05:41

Title

liferea Feed Enrichment update.c update_job_run os command injection

Summary

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-78 - OS Command Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.222848	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.222848	signaturepermissions-required
	https://github.com/lwindolf/liferea/commit/8d8b5b…	patch

Impacted products

	Vendor	Product	Version
	n/a	liferea	Affected: 1.12.0 Affected: 1.12.1 Affected: 1.12.2 Affected: 1.12.3 Affected: 1.12.4 Affected: 1.12.5 Affected: 1.12.6 Affected: 1.12.7 Affected: 1.12.8 Affected: 1.12.9 Affected: 1.13.0 Affected: 1.13.1 Affected: 1.13.2 Affected: 1.13.3 Affected: 1.13.4 Affected: 1.13.5 Affected: 1.13.6 Affected: 1.13.7 Affected: 1.13.8 Affected: 1.13.9 Affected: 1.14-RC1 Affected: 1.14-RC2 Affected: 1.14-RC3 Affected: 1.14.0

Credits

VulDB GitHub Commit Analyzer

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:41:00.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.222848"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.222848"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Feed Enrichment"
          ],
          "product": "liferea",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "1.12.0"
            },
            {
              "status": "affected",
              "version": "1.12.1"
            },
            {
              "status": "affected",
              "version": "1.12.2"
            },
            {
              "status": "affected",
              "version": "1.12.3"
            },
            {
              "status": "affected",
              "version": "1.12.4"
            },
            {
              "status": "affected",
              "version": "1.12.5"
            },
            {
              "status": "affected",
              "version": "1.12.6"
            },
            {
              "status": "affected",
              "version": "1.12.7"
            },
            {
              "status": "affected",
              "version": "1.12.8"
            },
            {
              "status": "affected",
              "version": "1.12.9"
            },
            {
              "status": "affected",
              "version": "1.13.0"
            },
            {
              "status": "affected",
              "version": "1.13.1"
            },
            {
              "status": "affected",
              "version": "1.13.2"
            },
            {
              "status": "affected",
              "version": "1.13.3"
            },
            {
              "status": "affected",
              "version": "1.13.4"
            },
            {
              "status": "affected",
              "version": "1.13.5"
            },
            {
              "status": "affected",
              "version": "1.13.6"
            },
            {
              "status": "affected",
              "version": "1.13.7"
            },
            {
              "status": "affected",
              "version": "1.13.8"
            },
            {
              "status": "affected",
              "version": "1.13.9"
            },
            {
              "status": "affected",
              "version": "1.14-RC1"
            },
            {
              "status": "affected",
              "version": "1.14-RC2"
            },
            {
              "status": "affected",
              "version": "1.14-RC3"
            },
            {
              "status": "affected",
              "version": "1.14.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in liferea ausgemacht. Betroffen davon ist die Funktion update_job_run der Datei src/update.c der Komponente Feed Enrichment. Durch Beeinflussen des Arguments source mit der Eingabe |date \u0026gt;/tmp/bad-item-link.txt mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-21T08:09:50.222Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.222848"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.222848"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-03-11T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-03-11T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2023-03-11T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-04-04T12:58:58.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "liferea Feed Enrichment update.c update_job_run os command injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-1350",
    "datePublished": "2023-03-11T08:20:34.058Z",
    "dateReserved": "2023-03-11T08:19:42.582Z",
    "dateUpdated": "2024-08-02T05:41:00.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:liferea_project:liferea:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.14.1\", \"matchCriteriaId\": \"A6DAF5E1-033A-45DE-AEAB-2A72AFDC7814\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.\"}]",
      "id": "CVE-2023-1350",
      "lastModified": "2024-11-21T07:39:00.393",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2023-03-11T09:15:10.197",
      "references": "[{\"url\": \"https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.222848\", \"source\": \"cna@vuldb.com\", \"tags\": [\"Permissions Required\", \"VDB Entry\"]}, {\"url\": \"https://vuldb.com/?id.222848\", \"source\": \"cna@vuldb.com\", \"tags\": [\"VDB Entry\"]}, {\"url\": \"https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://vuldb.com/?ctiid.222848\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"VDB Entry\"]}, {\"url\": \"https://vuldb.com/?id.222848\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"VDB Entry\"]}]",
      "sourceIdentifier": "cna@vuldb.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-78\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-1350\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2023-03-11T09:15:10.197\",\"lastModified\":\"2024-11-21T07:39:00.393\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:liferea_project:liferea:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.14.1\",\"matchCriteriaId\":\"A6DAF5E1-033A-45DE-AEAB-2A72AFDC7814\"}]}]}],\"references\":[{\"url\":\"https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.222848\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.222848\",\"source\":\"cna@vuldb.com\",\"tags\":[\"VDB Entry\"]},{\"url\":\"https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.222848\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?id.222848\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]}]}}"
  }
}

OPENSUSE-SU-2024:12783-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

liferea-1.14.1-1.1 on GA media

Notes

Title of the patch

liferea-1.14.1-1.1 on GA media

Description of the patch

These are all security issues fixed in the liferea-1.14.1-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-12783

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "liferea-1.14.1-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the liferea-1.14.1-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-12783",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12783-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1350 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1350/"
      }
    ],
    "title": "liferea-1.14.1-1.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:12783-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-1.14.1-1.1.aarch64",
                "product": {
                  "name": "liferea-1.14.1-1.1.aarch64",
                  "product_id": "liferea-1.14.1-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "liferea-lang-1.14.1-1.1.aarch64",
                "product": {
                  "name": "liferea-lang-1.14.1-1.1.aarch64",
                  "product_id": "liferea-lang-1.14.1-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-1.14.1-1.1.ppc64le",
                "product": {
                  "name": "liferea-1.14.1-1.1.ppc64le",
                  "product_id": "liferea-1.14.1-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "liferea-lang-1.14.1-1.1.ppc64le",
                "product": {
                  "name": "liferea-lang-1.14.1-1.1.ppc64le",
                  "product_id": "liferea-lang-1.14.1-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-1.14.1-1.1.s390x",
                "product": {
                  "name": "liferea-1.14.1-1.1.s390x",
                  "product_id": "liferea-1.14.1-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "liferea-lang-1.14.1-1.1.s390x",
                "product": {
                  "name": "liferea-lang-1.14.1-1.1.s390x",
                  "product_id": "liferea-lang-1.14.1-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-1.14.1-1.1.x86_64",
                "product": {
                  "name": "liferea-1.14.1-1.1.x86_64",
                  "product_id": "liferea-1.14.1-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "liferea-lang-1.14.1-1.1.x86_64",
                "product": {
                  "name": "liferea-lang-1.14.1-1.1.x86_64",
                  "product_id": "liferea-lang-1.14.1-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liferea-1.14.1-1.1.aarch64"
        },
        "product_reference": "liferea-1.14.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liferea-1.14.1-1.1.ppc64le"
        },
        "product_reference": "liferea-1.14.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liferea-1.14.1-1.1.s390x"
        },
        "product_reference": "liferea-1.14.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liferea-1.14.1-1.1.x86_64"
        },
        "product_reference": "liferea-1.14.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-lang-1.14.1-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.aarch64"
        },
        "product_reference": "liferea-lang-1.14.1-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-lang-1.14.1-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.ppc64le"
        },
        "product_reference": "liferea-lang-1.14.1-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-lang-1.14.1-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.s390x"
        },
        "product_reference": "liferea-lang-1.14.1-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-lang-1.14.1-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.x86_64"
        },
        "product_reference": "liferea-lang-1.14.1-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-1350",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1350"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:liferea-1.14.1-1.1.aarch64",
          "openSUSE Tumbleweed:liferea-1.14.1-1.1.ppc64le",
          "openSUSE Tumbleweed:liferea-1.14.1-1.1.s390x",
          "openSUSE Tumbleweed:liferea-1.14.1-1.1.x86_64",
          "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.aarch64",
          "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.ppc64le",
          "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.s390x",
          "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1350",
          "url": "https://www.suse.com/security/cve/CVE-2023-1350"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209190 for CVE-2023-1350",
          "url": "https://bugzilla.suse.com/1209190"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:liferea-1.14.1-1.1.aarch64",
            "openSUSE Tumbleweed:liferea-1.14.1-1.1.ppc64le",
            "openSUSE Tumbleweed:liferea-1.14.1-1.1.s390x",
            "openSUSE Tumbleweed:liferea-1.14.1-1.1.x86_64",
            "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.aarch64",
            "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.ppc64le",
            "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.s390x",
            "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:liferea-1.14.1-1.1.aarch64",
            "openSUSE Tumbleweed:liferea-1.14.1-1.1.ppc64le",
            "openSUSE Tumbleweed:liferea-1.14.1-1.1.s390x",
            "openSUSE Tumbleweed:liferea-1.14.1-1.1.x86_64",
            "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.aarch64",
            "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.ppc64le",
            "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.s390x",
            "openSUSE Tumbleweed:liferea-lang-1.14.1-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-1350"
    }
  ]
}

OPENSUSE-SU-2023:0096-1

Vulnerability from csaf_opensuse - Published: 2023-04-27 12:51 - Updated: 2023-04-27 12:51

Summary

Security update for liferea

Notes

Title of the patch

Security update for liferea

Description of the patch

liferea was updated to version 1.14.1: + Fix CVE-2023-1350 - Remote code execution on feed enrichment (boo#1209190). Update to version 1.14.0: + New 'Reader mode' preference that allows stripping all web content + Implement support for Webkits Intelligent Tracking Protection + New progress bar when loading websites + Youtube videos from media:video can be embedded now with a click on the video preview picture. + Changes to UserAgent handling: same UA is now used for both feed fetching and internal browsing. + New view mode 'Automatic' which switches between 'Normal' and 'Wide' mode based on the window proportions. + Liferea now supports the new GTK dark theme logic, where in the GTK/GNOME preferences you define wether you 'prefer' dark mode or light mode + Favicon discovery improvements: now detects all types of Apple Touch Icons, MS Tile Images and Safari Mask Icons + Increase size of stored favicons to 128x128px to improve icon quality in 3-pane wide view. + Make several plugins support gettext + Allow mutiple feed in same libnotify notification + Redesign of the update message in the status bar. It now shows a update counter of the feeds being in update. + You can now export a feed to XML file + Added an option to show news bins in reduced feed list + Added menu option to send item per mail + Default to https:// instead of http:// when user doesn't provide protocol on subscribing feed + Implement support for subscribing to LD+Json metadata listings e.g. concert or theater event listings + Implement support for subscribing to HTML5 websites + Support for media:description field of Youtube feeds + Improve HTML5 extraction: extract main tag if it exists and no article was found. + Execute feed pipe/filter commands asynchronously + Better explanation of feed update errors. + Added generic Google Reader API support (allows using FeedHQ, FreshRSS, Miniflux...) + Now allow converting TinyTinyRSS subscriptions to local subscriptions + New search folder rule to match podcasts + New search folder rule to match headline authors + New search folder rule to match subscription source + New search folder rule to match parent folder name + New search folder property that allows hiding read items + Now search folders are automatically rebuild when rules are changed + Added new plugin 'add-bookmark-site' that allows to configure a custom bookmarking site. + Added new plugin 'getfocus' that adds transparency on the feed list when it is not focussed. + Trayicon plugin has now a configuration option to change the behaviour when closing Liferea. + Trayicon plugin has now an option to disable minimizing to tray + New hot key Ctrl-D for 'Open in External Browser' + New hot key F10 for headerbar plugin to allow triggering the hamburger menu + New hot key Ctrl-0 to reset zoom + New hot key Ctrl-O to open enclosures + Fix hidden panes, Liferea will never allow the panes to be smaller than 5% in height or width + Wait for network to be fully available before updating + 2-pane mode was removed + Dropped CDF channel support + Dropped Atom 0.2/0.3 (aka Pie) support + Dropped blogChannel namespace support + Dropped photo namespace support - Require python3-cairo; needed for tray icon (boo#1193579).

Patchnames

openSUSE-2023-96

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for liferea",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nliferea was updated to version 1.14.1:\n\n+ Fix CVE-2023-1350 - Remote code execution on feed enrichment (boo#1209190).\n\nUpdate to version 1.14.0:\n\n+ New \u0027Reader mode\u0027 preference that allows stripping all web\n  content\n+ Implement support for Webkits Intelligent Tracking Protection\n+ New progress bar when loading websites\n+ Youtube videos from media:video can be embedded now with a\n  click on the video preview picture.\n+ Changes to UserAgent handling: same UA is now used for both\n  feed fetching and internal browsing.\n+ New view mode \u0027Automatic\u0027 which switches between \u0027Normal\u0027 and\n  \u0027Wide\u0027 mode based on the window proportions.\n+ Liferea now supports the new GTK dark theme logic, where in\n  the GTK/GNOME preferences you define wether you \u0027prefer\u0027 dark\n  mode or light mode\n+ Favicon discovery improvements: now detects all types of Apple\n  Touch Icons, MS Tile Images and Safari Mask Icons\n+ Increase size of stored favicons to 128x128px to improve icon\n  quality in 3-pane wide view.\n+ Make several plugins support gettext\n+ Allow mutiple feed in same libnotify notification\n+ Redesign of the update message in the status bar. It now shows\n  a update counter of the feeds being in update.\n+ You can now export a feed to XML file\n+ Added an option to show news bins in reduced feed list\n+ Added menu option to send item per mail\n+ Default to https:// instead of http:// when user doesn\u0027t\n  provide protocol on subscribing feed\n+ Implement support for subscribing to LD+Json metadata listings\n  e.g. concert or theater event listings\n+ Implement support for subscribing to HTML5 websites\n+ Support for media:description field of Youtube feeds\n+ Improve HTML5 extraction: extract main tag if it exists and\n  no article was found.\n+ Execute feed pipe/filter commands asynchronously\n+ Better explanation of feed update errors.\n+ Added generic Google Reader API support (allows using FeedHQ,\n  FreshRSS, Miniflux...)\n+ Now allow converting TinyTinyRSS subscriptions to\n  local subscriptions\n+ New search folder rule to match podcasts\n+ New search folder rule to match headline authors\n+ New search folder rule to match subscription source\n+ New search folder rule to match parent folder name\n+ New search folder property that allows hiding read items\n+ Now search folders are automatically rebuild when rules are\n  changed\n+ Added new plugin \u0027add-bookmark-site\u0027 that allows to configure\n  a custom bookmarking site.\n+ Added new plugin \u0027getfocus\u0027 that adds transparency on the feed\n  list when it is not focussed.\n+ Trayicon plugin has now a configuration option to change the\n  behaviour when closing Liferea.\n+ Trayicon plugin has now an option to disable minimizing to tray\n+ New hot key Ctrl-D for \u0027Open in External Browser\u0027\n+ New hot key F10 for headerbar plugin to allow triggering the\n  hamburger menu\n+ New hot key Ctrl-0 to reset zoom\n+ New hot key Ctrl-O to open enclosures\n+ Fix hidden panes, Liferea will never allow the panes to be\n  smaller than 5% in height or width\n+ Wait for network to be fully available before updating\n+ 2-pane mode was removed\n+ Dropped CDF channel support\n+ Dropped Atom 0.2/0.3 (aka Pie) support\n+ Dropped blogChannel namespace support\n+ Dropped photo namespace support\n\n- Require python3-cairo; needed for tray icon (boo#1193579).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2023-96",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0096-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2023:0096-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U2XWO532L7BXCMKLBA5M4DP7HIU4NSO2/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2023:0096-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U2XWO532L7BXCMKLBA5M4DP7HIU4NSO2/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1193579",
        "url": "https://bugzilla.suse.com/1193579"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1209190",
        "url": "https://bugzilla.suse.com/1209190"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1350 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1350/"
      }
    ],
    "title": "Security update for liferea",
    "tracking": {
      "current_release_date": "2023-04-27T12:51:25Z",
      "generator": {
        "date": "2023-04-27T12:51:25Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2023:0096-1",
      "initial_release_date": "2023-04-27T12:51:25Z",
      "revision_history": [
        {
          "date": "2023-04-27T12:51:25Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-1.14.1-bp154.2.3.1.aarch64",
                "product": {
                  "name": "liferea-1.14.1-bp154.2.3.1.aarch64",
                  "product_id": "liferea-1.14.1-bp154.2.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-1.14.1-bp154.2.3.1.i586",
                "product": {
                  "name": "liferea-1.14.1-bp154.2.3.1.i586",
                  "product_id": "liferea-1.14.1-bp154.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-lang-1.14.1-bp154.2.3.1.noarch",
                "product": {
                  "name": "liferea-lang-1.14.1-bp154.2.3.1.noarch",
                  "product_id": "liferea-lang-1.14.1-bp154.2.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-1.14.1-bp154.2.3.1.ppc64le",
                "product": {
                  "name": "liferea-1.14.1-bp154.2.3.1.ppc64le",
                  "product_id": "liferea-1.14.1-bp154.2.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-1.14.1-bp154.2.3.1.s390x",
                "product": {
                  "name": "liferea-1.14.1-bp154.2.3.1.s390x",
                  "product_id": "liferea-1.14.1-bp154.2.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "liferea-1.14.1-bp154.2.3.1.x86_64",
                "product": {
                  "name": "liferea-1.14.1-bp154.2.3.1.x86_64",
                  "product_id": "liferea-1.14.1-bp154.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP4",
                "product": {
                  "name": "SUSE Package Hub 15 SP4",
                  "product_id": "SUSE Package Hub 15 SP4"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.4",
                "product": {
                  "name": "openSUSE Leap 15.4",
                  "product_id": "openSUSE Leap 15.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.aarch64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.aarch64"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.i586 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.i586"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.i586",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.ppc64le as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.ppc64le"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.s390x as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.s390x"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.s390x",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.x86_64 as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.x86_64"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-lang-1.14.1-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4",
          "product_id": "SUSE Package Hub 15 SP4:liferea-lang-1.14.1-bp154.2.3.1.noarch"
        },
        "product_reference": "liferea-lang-1.14.1-bp154.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.aarch64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.aarch64"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.i586 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.i586"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.ppc64le as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.ppc64le"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.s390x as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.s390x"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-1.14.1-bp154.2.3.1.x86_64 as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.x86_64"
        },
        "product_reference": "liferea-1.14.1-bp154.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "liferea-lang-1.14.1-bp154.2.3.1.noarch as component of openSUSE Leap 15.4",
          "product_id": "openSUSE Leap 15.4:liferea-lang-1.14.1-bp154.2.3.1.noarch"
        },
        "product_reference": "liferea-lang-1.14.1-bp154.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-1350",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1350"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.aarch64",
          "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.i586",
          "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.ppc64le",
          "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.s390x",
          "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.x86_64",
          "SUSE Package Hub 15 SP4:liferea-lang-1.14.1-bp154.2.3.1.noarch",
          "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.aarch64",
          "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.i586",
          "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.ppc64le",
          "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.s390x",
          "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.x86_64",
          "openSUSE Leap 15.4:liferea-lang-1.14.1-bp154.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1350",
          "url": "https://www.suse.com/security/cve/CVE-2023-1350"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209190 for CVE-2023-1350",
          "url": "https://bugzilla.suse.com/1209190"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:liferea-lang-1.14.1-bp154.2.3.1.noarch",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:liferea-lang-1.14.1-bp154.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.aarch64",
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.i586",
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.ppc64le",
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.s390x",
            "SUSE Package Hub 15 SP4:liferea-1.14.1-bp154.2.3.1.x86_64",
            "SUSE Package Hub 15 SP4:liferea-lang-1.14.1-bp154.2.3.1.noarch",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.aarch64",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.i586",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.ppc64le",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.s390x",
            "openSUSE Leap 15.4:liferea-1.14.1-bp154.2.3.1.x86_64",
            "openSUSE Leap 15.4:liferea-lang-1.14.1-bp154.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-04-27T12:51:25Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-1350"
    }
  ]
}

GHSA-9Q9P-R5VC-G557

Vulnerability from github – Published: 2023-03-11 09:30 – Updated: 2023-03-15 18:30

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-1350"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-11T09:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.",
  "id": "GHSA-9q9p-r5vc-g557",
  "modified": "2023-03-15T18:30:24Z",
  "published": "2023-03-11T09:30:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1350"
    },
    {
      "type": "WEB",
      "url": "https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.222848"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.222848"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-1350

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-1350

Aliases

CVE-2023-1350

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-1350",
    "id": "GSD-2023-1350",
    "references": [
      "https://www.suse.com/security/cve/CVE-2023-1350.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-1350"
      ],
      "details": "A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.",
      "id": "GSD-2023-1350",
      "modified": "2023-12-13T01:20:42.044111Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@vuldb.com",
        "ID": "CVE-2023-1350",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "liferea",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "1.12.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.12.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.12.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.12.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.12.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.12.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.12.6"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.12.7"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.12.8"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.12.9"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.6"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.7"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.8"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.13.9"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.14-RC1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.14-RC2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.14-RC3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "1.14.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "credits": [
        {
          "lang": "en",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848."
          },
          {
            "lang": "deu",
            "value": "Eine kritische Schwachstelle wurde in liferea ausgemacht. Betroffen davon ist die Funktion update_job_run der Datei src/update.c der Komponente Feed Enrichment. Durch Beeinflussen des Arguments source mit der Eingabe |date \u0026gt;/tmp/bad-item-link.txt mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-78",
                "lang": "eng",
                "value": "CWE-78 OS Command Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://vuldb.com/?id.222848",
            "refsource": "MISC",
            "url": "https://vuldb.com/?id.222848"
          },
          {
            "name": "https://vuldb.com/?ctiid.222848",
            "refsource": "MISC",
            "url": "https://vuldb.com/?ctiid.222848"
          },
          {
            "name": "https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59",
            "refsource": "MISC",
            "url": "https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:liferea_project:liferea:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A6DAF5E1-033A-45DE-AEAB-2A72AFDC7814",
                    "versionEndExcluding": "1.14.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848."
          }
        ],
        "id": "CVE-2023-1350",
        "lastModified": "2024-04-11T01:18:04.117",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 8.0,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "cna@vuldb.com",
              "type": "Secondary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 3.4,
              "source": "cna@vuldb.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-03-11T09:15:10.197",
        "references": [
          {
            "source": "cna@vuldb.com",
            "tags": [
              "Patch",
              "Third Party Advisory"
            ],
            "url": "https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59"
          },
          {
            "source": "cna@vuldb.com",
            "tags": [
              "Permissions Required",
              "VDB Entry"
            ],
            "url": "https://vuldb.com/?ctiid.222848"
          },
          {
            "source": "cna@vuldb.com",
            "tags": [
              "VDB Entry"
            ],
            "url": "https://vuldb.com/?id.222848"
          }
        ],
        "sourceIdentifier": "cna@vuldb.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-78"
              }
            ],
            "source": "cna@vuldb.com",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

FKIE_CVE-2023-1350

Vulnerability from fkie_nvd - Published: 2023-03-11 09:15 - Updated: 2024-11-21 07:39

Severity ?

6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cna@vuldb.com	https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59	Patch, Third Party Advisory
cna@vuldb.com	https://vuldb.com/?ctiid.222848	Permissions Required, VDB Entry
cna@vuldb.com	https://vuldb.com/?id.222848	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://vuldb.com/?ctiid.222848	Permissions Required, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://vuldb.com/?id.222848	VDB Entry

Impacted products

	Vendor	Product	Version
	liferea_project	liferea	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:liferea_project:liferea:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DAF5E1-033A-45DE-AEAB-2A72AFDC7814",
              "versionEndExcluding": "1.14.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date \u0026gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848."
    }
  ],
  "id": "CVE-2023-1350",
  "lastModified": "2024-11-21T07:39:00.393",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-11T09:15:10.197",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.222848"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.222848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/lwindolf/liferea/commit/8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.222848"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.222848"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-1350 (GCVE-0-2023-1350)

OPENSUSE-SU-2024:12783-1

OPENSUSE-SU-2023:0096-1

GHSA-9Q9P-R5VC-G557

GSD-2023-1350

FKIE_CVE-2023-1350

Tags

Sightings

Nomenclature