VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-jrm1-d798-aaam

Essentials
Severities (91)
References (10)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-jrm1-d798-aaam
Aliases	CVE-2023-51698
Summary	Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6.
Status	Published
Exploitability	0.5
Weighted Severity	8.6
Risk	4.3
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

System	Score	Found at
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00133	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00141	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.00173	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01449	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.01956	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.10365	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.11971	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.11971	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.11971	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.11971	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
epss	0.37218	https://api.first.org/data/v1/epss?cve=CVE-2023-51698
cvssv3.1	9.6	https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
ssvc	Track*	https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
cvssv3.1	9.6	https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
ssvc	Track*	https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/
ssvc	Track*	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/
cvssv3.1	9.6	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/
ssvc	Track*	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-51698
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2023-51698

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-51698
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51698
		https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed
		https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/
1060751		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1060751
cpe:2.3:a:mate-desktop:atril::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mate-desktop:atril::::::::
CVE-2023-51698		https://nvd.nist.gov/vuln/detail/CVE-2023-51698
USN-7274-1		https://usn.ubuntu.com/7274-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L Found at https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-23T21:42:27Z/ Found at https://github.com/mate-desktop/atril/commit/ce41df6467521ff9fd4f16514ae7d6ebb62eb1ed

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L Found at https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-23T21:42:27Z/ Found at https://github.com/mate-desktop/atril/security/advisories/GHSA-34rr-j8v9-v4p2

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-01-23T21:42:27Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT3UIQOSZ6UNH5QTFOOY2DJ4MITM2C2C/

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-51698

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-51698

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.49099
EPSS Score	0.00133
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
2024-01-13T11:05:01.346295+00:00	NVD Importer	Import	https://nvd.nist.gov/vuln/detail/CVE-2023-51698	34.0.0rc2