CVE-2023-43091

A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
fedoraCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
Debian logo
Debian Releases
Debian Product
Codename
gnome-maps
bullseye
3.38.6-0+deb11u1
not-affected
bookworm
ignored
buster
not-affected
sid
47.2-1
fixed
trixie
47.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gnome-maps
oracular
not-affected
noble
needs-triage
mantic
ignored
lunar
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
ignored
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=2239091
https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea
https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588