CVE-2023-44387

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published: Oct 5, 2023
Updated: Jan 21, 2024
CWE ID: 732

Summary

CVE-2023-44387 is a vulnerability in Gradle, a build tool used for build automation and multi-language development. It occurs when Gradle copies or archives symlinked files: Gradle applies the permissions of the symlink entry itself instead of the permissions of the file it points to. Because symlinks are typically world-readable and writable, the resulting files carry excessive permissions. While this may not directly lead to an exploit in the build process, it could create attack vectors depending on where the build artifacts are copied or un-archived. Gradle versions 7.6.3, 8.4, and above address the issue by using the permissions of the file the symlink points to when setting permissions on the copied or archived file. NIST's National Vulnerability Database (NVD) rates the vulnerability MEDIUM with a base score of 6.5; the confidentiality impact is rated HIGH, and exploitation requires low privileges and no user interaction.
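An added illustration of the defect class the summary describes, not Gradle's own code: a copy routine that takes the mode from lstat() (the symlink entry) instead of stat() (the target), beside the corrected form and a check that reports which permission bits the copy gained over its source. It assumes a POSIX filesystem; all file names and contents are constructed.

```python
import os
import stat
import shutil
import tempfile

def copy_entry(src, dst, use_link_mode):
    """Copy the file behind src (a path that may be a symlink) to dst.
    use_link_mode=True reproduces the defect class in the advisory: the mode is
    read with lstat(), i.e. from the symlink entry itself (0o777 on Linux).
    use_link_mode=False reads it with stat(), which follows the link to the target."""
    info = os.lstat(src) if use_link_mode else os.stat(src)
    with open(src, "rb") as fin, open(dst, "wb") as fout:  # open() always follows links
        fout.write(fin.read())
    os.chmod(dst, stat.S_IMODE(info.st_mode))
    return stat.S_IMODE(os.stat(dst).st_mode)

def excess_bits(copied_path, original_path):
    """Permission bits set on the copy that the original target file lacks.
    Non-zero means the copied artifact is more permissive than its source."""
    copied = stat.S_IMODE(os.stat(copied_path).st_mode)
    original = stat.S_IMODE(os.stat(original_path).st_mode)
    return copied & ~original

def demo():
    """Constructed scenario: a 0o600 file, a symlink to it, copied both ways."""
    work = tempfile.mkdtemp()
    try:
        target = os.path.join(work, "secret.txt")
        with open(target, "w") as f:
            f.write("constructed sample content\n")
        os.chmod(target, 0o600)                 # private to the owner
        link = os.path.join(work, "secret.lnk")
        os.symlink(target, link)
        flawed = os.path.join(work, "copy_flawed")
        fixed = os.path.join(work, "copy_fixed")
        copy_entry(link, flawed, use_link_mode=True)
        copy_entry(link, fixed, use_link_mode=False)
        return {
            "flawed_excess": excess_bits(flawed, target),  # e.g. 0o177 on Linux
            "fixed_excess": excess_bits(fixed, target),    # 0
        }
    finally:
        shutil.rmtree(work)

if __name__ == "__main__":
    for name, bits in demo().items():
        print(f"{name}: {oct(bits)}")
```

The same lstat()/stat() distinction applies when an archiver records a mode for an entry, so excess_bits() can be run over an unpacked archive against its source tree to audit artifacts produced before the fix.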
