CVE-2023-4413

A vulnerability was found in rkhunter Rootkit Hunter 1.4.4/1.4.6. It has been classified as problematic. Affected is an unknown function of the file /var/log/rkhunter.log. The manipulation leads to sensitive information in log files. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237516.

CVSS v3.0 2.5 LOW

2.5^/10

CVSS v3.0 : LOW

Vector :

Exploitability : 1.0 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://gist.github.com/MatheuZSecurity/16ef0219db8f85f49f945a25d5eb42d7	Exploit Third Party Advisory
https://vuldb.com/?id.237516	Third Party Advisory
https://youtu.be/etHt1TNAgs8	Exploit
https://vuldb.com/?ctiid.237516	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rootkit_hunter_project:rootkit_hunter:1.4.4:::::::*
	cpe:2.3:a:rootkit_hunter_project:rootkit_hunter:1.4.6:::::::*

Information

Published : 2023-08-18 15:15

Updated : 2023-08-24 13:30

NVD link : CVE-2023-4413

Mitre link : CVE-2023-4413

JSON object : View

Products Affected

rootkit_hunter_project

rootkit_hunter

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://gist.github.com/MatheuZSecurity/16ef0219db8f85f49f945a25d5eb42d7", "name": "https://gist.github.com/MatheuZSecurity/16ef0219db8f85f49f945a25d5eb42d7", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.237516", "name": "https://vuldb.com/?id.237516", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://youtu.be/etHt1TNAgs8", "name": "https://youtu.be/etHt1TNAgs8", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.237516", "name": "https://vuldb.com/?ctiid.237516", "tags": ["Permissions Required"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in rkhunter Rootkit Hunter 1.4.4/1.4.6. It has been classified as problematic. Affected is an unknown function of the file /var/log/rkhunter.log. The manipulation leads to sensitive information in log files. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237516."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-532"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-4413", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.5, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.0}}, "publishedDate": "2023-08-18T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rootkit_hunter_project:rootkit_hunter:1.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rootkit_hunter_project:rootkit_hunter:1.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-08-24T13:30Z"}