CVE-2023-37378

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-37378
Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.

5.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://sf.net/p/nsis/bugs/1296 Issue Tracking Permissions Required
https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967 Patch
https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467 Patch
https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 Patch
https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09 Release Notes
https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/ Release Notes
http://sf.net/p/nsis/bugs/1296 Issue Tracking Permissions Required
https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967 Patch
https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467 Patch
https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 Patch
https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2024/09/msg00013.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/
https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09 Release Notes
https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/ Release Notes
Configurations

Configuration 1 (hide)

cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:*:*:*:*:*:*:*:*
History

21 Nov 2024, 08:11

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/09/msg00013.html -
References () http://sf.net/p/nsis/bugs/1296 - Issue Tracking, Permissions Required () http://sf.net/p/nsis/bugs/1296 - Issue Tracking, Permissions Required
References () https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967 - Patch () https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967 - Patch
References () https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467 - Patch () https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467 - Patch
References () https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 - Patch () https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 - Patch
References () https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/ -
References () https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09 - Release Notes () https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09 - Release Notes
References () https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/ - Release Notes () https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/ - Release Notes

07 Nov 2023, 04:16

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/', 'name': 'FEDORA-2023-dfb6cc599f', 'tags': [], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/', 'name': 'FEDORA-2023-b9ec99605f', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/ -

13 Jul 2023, 23:15

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A65FBUMHLZ7GBV3VDKUB5EK3A7X2UUWK/ -
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZPAAU57IA3NP6UOUXNBUQBAYK3JB2IM/ -

11 Jul 2023, 15:36

Type Values Removed Values Added
First Time Nullsoft nullsoft Scriptable Install System
Nullsoft
CWE NVD-CWE-noinfo
References (MISC) https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/ - (MISC) https://sourceforge.net/p/nsis/news/2023/07/nsis-309-released/ - Release Notes
References (MISC) http://sf.net/p/nsis/bugs/1296 - (MISC) http://sf.net/p/nsis/bugs/1296 - Issue Tracking, Permissions Required
References (MISC) https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467 - (MISC) https://github.com/kichik/nsis/commit/409b5841479c44fbf33a6ba97c1146e46f965467 - Patch
References (MISC) https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09 - (MISC) https://nsis.sourceforge.io/Docs/AppendixF.html#v3.09 - Release Notes
References (MISC) https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967 - (MISC) https://github.com/kichik/nsis/commit/281e2851fe669d10e0650fc89d0e7fb74a598967 - Patch
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html - Mailing List, Third Party Advisory
References (MISC) https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 - (MISC) https://github.com/kichik/nsis/commit/c40cf78994e74a1a3a381a850c996b251e3277c0 - Patch
CPE cpe:2.3:a:nullsoft:nullsoft_scriptable_install_system:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 5.3

07 Jul 2023, 15:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/07/msg00005.html -

03 Jul 2023, 20:31

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-03 20:15

Updated : 2024-11-21 08:11

NVD link : CVE-2023-37378

Mitre link : CVE-2023-37378

CVE.ORG link : CVE-2023-37378

JSON object : View

Products Affected

nullsoft

  • nullsoft_scriptable_install_system
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024