CVE-2023-28101 — MEDIUM (5.0)

Q: How severe is CVE-2023-28101?

CVE-2023-28101 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-28101?

Check the references section above for vendor advisories and patch information. Affected products include: Flatpak Flatpak.

Vulnerability Description

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app with elevated permissions, they can hide those permissions from users of the `flatpak(1)` command-line interface by setting other permissions to crafted values that contain non-printable control characters such as `ESC`. A fix is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, use a GUI like GNOME Software rather than the command-line interface, or only install apps whose maintainers you trust.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Flatpak	Flatpak	< 1.10.8

Related Weaknesses (CWE)

CWE-116

References

FAQ

What is CVE-2023-28101?

CVE-2023-28101 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4, if an attacker publishes a Flatpak app wit...

How severe is CVE-2023-28101?

CVE-2023-28101 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-28101?

Check the references section above for vendor advisories and patch information. Affected products include: Flatpak Flatpak.