Vulnerability Description
A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been rated as critical. This issue affects the function setMainSource. The manipulation leads to os command injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230687. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kylinos | Kylin-Software-Properties | < 0.0.1-130 |
Related Weaknesses (CWE)
References
- https://github.com/i900008/vulndb/blob/main/kylinos_vul2.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.230687Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.230687Third Party Advisory
- https://github.com/i900008/vulndb/blob/main/kylinos_vul2.mdExploitThird Party Advisory
- https://vuldb.com/?ctiid.230687Permissions RequiredThird Party Advisory
- https://vuldb.com/?id.230687Third Party Advisory
FAQ
What is CVE-2023-3097?
CVE-2023-3097 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been rated as critical. This issue affects the function setMainSource. The manipulation leads to os command injectio...
How severe is CVE-2023-3097?
CVE-2023-3097 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-3097?
Check the references section above for vendor advisories and patch information. Affected products include: Kylinos Kylin-Software-Properties.