VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ghmn-wkwj-aaam

Essentials
Severities (104)
References (18)
Severity details (25)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-ghmn-wkwj-aaam
Aliases	CVE-2023-26054 GHSA-gc89-7gcr-jxqc
Summary	BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

System	Score	Found at
cvssv3	6.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26054.json
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00187	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00407	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.00785	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
epss	0.01288	https://api.first.org/data/v1/epss?cve=CVE-2023-26054
cvssv3.1	9.8	https://github.com/moby/buildkit
generic_textual	CRITICAL	https://github.com/moby/buildkit
cvssv3.1	6.5	https://github.com/moby/buildkit/commit/75123c696506bdbca1ed69906479e200f1b62604
generic_textual	MODERATE	https://github.com/moby/buildkit/commit/75123c696506bdbca1ed69906479e200f1b62604
ssvc	Track	https://github.com/moby/buildkit/commit/75123c696506bdbca1ed69906479e200f1b62604
cvssv3.1	6.5	https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc
generic_textual	MODERATE	https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc
ssvc	Track	https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc
cvssv3.1	6.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
cvssv3.1	6.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
cvssv3.1	6.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
cvssv3.1	6.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
cvssv3.1	6.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
generic_textual	MODERATE	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
cvssv3.1	6.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
ssvc	Track	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
cvssv3	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-26054
cvssv3.1	6.5	https://nvd.nist.gov/vuln/detail/CVE-2023-26054
cvssv3.1	6.5	https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1
generic_textual	MODERATE	https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26054.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-26054
		https://github.com/moby/buildkit
		https://github.com/moby/buildkit/commit/75123c696506bdbca1ed69906479e200f1b62604
		https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
		https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1
2176447		https://bugzilla.redhat.com/show_bug.cgi?id=2176447
cpe:2.3:a:mobyproject:buildkit::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mobyproject:buildkit::::::::
CVE-2023-26054		https://nvd.nist.gov/vuln/detail/CVE-2023-26054
GLSA-202409-29		https://security.gentoo.org/glsa/202409-29
RHSA-2023:3537		https://access.redhat.com/errata/RHSA-2023:3537
RHSA-2023:5952		https://access.redhat.com/errata/RHSA-2023:5952

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26054.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/moby/buildkit

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/moby/buildkit/commit/75123c696506bdbca1ed69906479e200f1b62604

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:19Z/ Found at https://github.com/moby/buildkit/commit/75123c696506bdbca1ed69906479e200f1b62604

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:19Z/ Found at https://github.com/moby/buildkit/security/advisories/GHSA-gc89-7gcr-jxqc

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:30:19Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-26054

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-26054

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://www.rfc-editor.org/rfc/rfc3986#section-3.2.1

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.56846
EPSS Score	0.00187
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.