CVE-2022-32278EXO vulnerability

5 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.8%
top 25.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Xfce EXODebian EXODebian Linux
Timeline
PublishedJun 13
Latest updateApr 11

Description

XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

NVDxfce/exo4.17.04.17.2+1
Debianxfce/exo< 4.16.0-1+deb11u1+3
debiandebian/exo< exo 4.16.4-1 (bookworm)

Also affects: Debian Linux 10.0, 11.0, 9.0

Patches

Patch: gitlab.xfce.orgPatch: gitlab.xfce.org

🔴Vulnerability Details

2
GHSA
GHSA-9xwj-fh68-48fj: XFCE 42022-06-14
OSV
CVE-2022-32278: XFCE 42022-06-13

📋Vendor Advisories

2
Ubuntu
Exo vulnerability2023-04-11
Debian
CVE-2022-32278: exo - XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execut...2022