Vulnerability details: VCID-7wm2-db6q-aaad
Vulnerability ID VCID-7wm2-db6q-aaad
Aliases CVE-2023-36479
GHSA-3gh6-v5v9-6v9j
Summary Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to an org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in versions 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2023:7247
ssvc Track https://access.redhat.com/errata/RHSA-2023:7247
cvssv3.1 6.3 https://access.redhat.com/errata/RHSA-2024:2010
ssvc Track https://access.redhat.com/errata/RHSA-2024:2010
cvssv3 3.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36479.json
epss 0.00098 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
epss 0.00212 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
epss 0.00222 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
epss 0.00862 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
epss 0.00872 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
epss 0.00886 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
epss 0.01167 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
epss 0.01199 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
epss 0.02938 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
epss 0.0559 https://api.first.org/data/v1/epss?cve=CVE-2023-36479
cvssv3.1 3.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr LOW https://github.com/advisories/GHSA-3gh6-v5v9-6v9j
cvssv3.1 3.5 https://github.com/eclipse/jetty.project
generic_textual LOW https://github.com/eclipse/jetty.project
cvssv3.1 3.5 https://github.com/eclipse/jetty.project/pull/9516
generic_textual LOW https://github.com/eclipse/jetty.project/pull/9516
cvssv3.1 3.5 https://github.com/eclipse/jetty.project/pull/9888
generic_textual LOW https://github.com/eclipse/jetty.project/pull/9888
cvssv3.1 3.5 https://github.com/eclipse/jetty.project/pull/9889
generic_textual LOW https://github.com/eclipse/jetty.project/pull/9889
cvssv3.1 3.5 https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
cvssv3.1_qr LOW https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
generic_textual LOW https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
cvssv3.1 3.5 https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
generic_textual LOW https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
cvssv3 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-36479
cvssv3.1 3.1 https://nvd.nist.gov/vuln/detail/CVE-2023-36479
cvssv3.1 4.3 https://nvd.nist.gov/vuln/detail/CVE-2023-36479
cvssv3.1 3.5 https://www.debian.org/security/2023/dsa-5507
generic_textual LOW https://www.debian.org/security/2023/dsa-5507
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36479.json
https://api.first.org/data/v1/epss?cve=CVE-2023-36479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41900
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/eclipse/jetty.project
https://github.com/eclipse/jetty.project/pull/9516
https://github.com/eclipse/jetty.project/pull/9888
https://github.com/eclipse/jetty.project/pull/9889
https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
https://www.debian.org/security/2023/dsa-5507
2239630 https://bugzilla.redhat.com/show_bug.cgi?id=2239630
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:12.0.0:alpha1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:12.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:12.0.0:alpha2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:12.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:12.0.0:alpha3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:12.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:12.0.0:beta0:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:12.0.0:beta0:*:*:*:*:*:*
cpe:2.3:a:eclipse:jetty:12.0.0:beta1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:eclipse:jetty:12.0.0:beta1:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CVE-2023-36479 https://nvd.nist.gov/vuln/detail/CVE-2023-36479
GHSA-3gh6-v5v9-6v9j https://github.com/advisories/GHSA-3gh6-v5v9-6v9j
RHSA-2023:7247 https://access.redhat.com/errata/RHSA-2023:7247
RHSA-2024:0797 https://access.redhat.com/errata/RHSA-2024:0797
RHSA-2024:2010 https://access.redhat.com/errata/RHSA-2024:2010
RHSA-2024:3354 https://access.redhat.com/errata/RHSA-2024:3354
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/errata/RHSA-2023:7247
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-13T20:07:40Z/ Found at https://access.redhat.com/errata/RHSA-2023:7247
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N Found at https://access.redhat.com/errata/RHSA-2024:2010
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T14:15:00Z/ Found at https://access.redhat.com/errata/RHSA-2024:2010
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36479.json
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N Found at https://github.com/eclipse/jetty.project
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://github.com/eclipse/jetty.project/pull/9516
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://github.com/eclipse/jetty.project/pull/9888
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://github.com/eclipse/jetty.project/pull/9889
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://github.com/eclipse/jetty.project/security/advisories/GHSA-3gh6-v5v9-6v9j
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2023/09/msg00039.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36479
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36479
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36479
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N Found at https://www.debian.org/security/2023/dsa-5507
Exploit Prediction Scoring System (EPSS)
Percentile 0.41720
EPSS Score 0.00098
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.