VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ayxt-x1mc-aaas

Essentials
Severities (80)
References (10)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ayxt-x1mc-aaas
Aliases	CVE-2023-52076
Summary	Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.
Status	Published
Exploitability	0.5
Weighted Severity	7.7
Risk	3.9
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-24	Path Traversal: '../filedir'
CWE-25	Path Traversal: '/../filedir'
CWE-27	Path Traversal: 'dir/../../filename'

System	Score	Found at
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00615	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00670	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00670	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00670	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.00670	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.04239	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.06546	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.10136	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
epss	0.10136	https://api.first.org/data/v1/epss?cve=CVE-2023-52076
cvssv3.1	8.5	https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50
ssvc	Track*	https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50
cvssv3.1	8.5	https://github.com/mate-desktop/atril/releases/tag/v1.26.2
ssvc	Track*	https://github.com/mate-desktop/atril/releases/tag/v1.26.2
cvssv3.1	8.5	https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
ssvc	Track*	https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
cvssv3.1	8.5	https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html
ssvc	Track*	https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html
cvssv3	7.8	https://nvd.nist.gov/vuln/detail/CVE-2023-52076
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2023-52076

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-52076
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52076
		https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50
		https://github.com/mate-desktop/atril/releases/tag/v1.26.2
		https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37
		https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html
1061522		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061522
cpe:2.3:a:mate-desktop:atril::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mate-desktop:atril::::::::
CVE-2023-52076		https://nvd.nist.gov/vuln/detail/CVE-2023-52076
USN-6808-1		https://usn.ubuntu.com/6808-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L Found at https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/ Found at https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L Found at https://github.com/mate-desktop/atril/releases/tag/v1.26.2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/ Found at https://github.com/mate-desktop/atril/releases/tag/v1.26.2

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L Found at https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/ Found at https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L Found at https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-01-25T20:55:51Z/ Found at https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-52076

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-52076

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.50157
EPSS Score	0.00298
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2024-01-26T00:24:47.544059+00:00	Debian Importer	Import	https://security-tracker.debian.org/tracker/data/json	34.0.0rc2